Subject: Re: ssh - are you nuts?!?
To: Chris Jones <chris@cjones.org>
From: Jason R Thorpe <thorpej@zembu.com>
List: tech-security
Date: 12/17/2000 10:52:25

On Sun, Dec 17, 2000 at 09:19:05AM -0700, Chris Jones wrote:

 > Password-less login.  I can type my passphrase once, and for the
 > remainder of the life of the login session or shell, I can ssh "for
 > free" into certain machines.

To be fair, you can also have this with Kerberos 5 -- acquire a TGT
with forwardable credentials, and then tell whatever you're using to
forward them:

dr-evil:thorpej 22$ kinit -f
thorpej@SHAGADELIC.ORG's Password: 
dr-evil:thorpej 23$ telnet -axf yeah-baby
Trying 3ffe:507:183::1...
Connected to yeah-baby.shagadelic.org.
Escape character is '^]'.
[ Trying KERBEROS5 ... ]
[ Kerberos V5 accepts you as ``thorpej@SHAGADELIC.ORG'' ]
[ Kerberos V5 accepted forwarded credentials ]
...
yeah-baby:thorpej 1$ telnet -ax frau-farbissina
Trying 3ffe:507:183::9...
Connected to frau-farbissina.shagadelic.org.
Escape character is '^]'.
[ Trying KERBEROS5 ... ]
[ Kerberos V5 accepts you as ``thorpej@SHAGADELIC.ORG'' ]
...
frau-farbissina:thorpej 1$

-- 
        -- Jason R. Thorpe <thorpej@zembu.com>