
That's terrifying. I don't understand why the design requires Forwarding to work without more explicit consent from the client at use time. (That is, when the middle tier wants to make a connection, it should forward an encrypted challenge from the server that can only be decrypted, answered, and re-encrypted by the original ssh keyholder on the client, similar to how, you know, ssh itself works over untrusted routers.)


AFAIK, that’s exactly how agent forwarding works. The explicit part is that you need to explicitly turn it on.


It is not the default, you would have to have a silly config for this to matter.
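
An added example (not part of the thread or any commenter's code): a Python check for the kind of client config the comment above refers to. It resolves the effective `ForwardAgent` value for a host using ssh_config's first-obtained-value rule; the sample config and hostnames are constructed, and `Match` and `Include` directives are not handled.

```python
import fnmatch

# Constructed sample ssh_config (assumption for illustration, not from the thread).
SAMPLE_CONFIG = """\
Host bastion.example.com
    ForwardAgent no

Host *.example.com !db.example.com
    ForwardAgent yes

Host *
    ForwardAgent yes
    User deploy
"""

def host_block_matches(patterns, host):
    """A negated pattern that matches vetoes the block; otherwise any positive match wins."""
    matched = False
    for pat in patterns:
        # fnmatch approximates ssh's '*' and '?' wildcards (it also accepts [seq]).
        if pat.startswith("!"):
            if fnmatch.fnmatchcase(host, pat[1:]):
                return False
        elif fnmatch.fnmatchcase(host, pat):
            matched = True
    return matched

def effective_forward_agent(config_text, host):
    """Return (value, line_no) of the first ForwardAgent that applies; default is "no"."""
    host = host.lower()
    applies = True  # options before the first Host line apply to every host
    for line_no, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split()  # "Key=value" form is allowed
        if not parts:
            continue
        key, args = parts[0].lower(), parts[1:]
        if key == "host":
            applies = host_block_matches([a.lower() for a in args], host)
        elif key == "forwardagent" and applies and args:
            return args[0], line_no
    return "no", None

def hosts_with_forwarding(config_text, hosts):
    """Map each host whose effective ForwardAgent is not "no" to the deciding line."""
    resolved = {h: effective_forward_agent(config_text, h) for h in hosts}
    return {h: ln for h, (val, ln) in resolved.items() if val.lower() != "no"}
```

In the constructed sample, `db.example.com` is excluded from the second block but still gets forwarding from the catch-all `Host *` block, which is the broad setting worth looking for in an audit.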



