![]() Manage and scale up to thousands of Linux and Windows VMsīuild and deploy Spring Boot applications with a fully managed service from Microsoft and VMwareĪ dedicated physical server to host your Azure VMs for Windows and LinuxĬloud-scale job scheduling and compute management Simplify operations and management from cloud to edge with an AI companionĪccess cloud compute capacity and scale on demand-and only pay for the resources you use Secure, develop, and operate infrastructure, apps, and Azure services anywhere Jump in and explore a diverse selection of today's quantum hardware, software, and solutions ![]() Quickly create powerful cloud apps for web and mobileĮverything you need to build and operate a live game on one platformĮxecute event-driven serverless code functions with an end-to-end development experience Migrate, modernize, and innovate on the modern SQL family of cloud databasesīuild or modernize scalable, high-performance appsĭeploy and scale containers on managed KubernetesĪdd cognitive capabilities to apps with APIs and AI services Provision Windows and Linux VMs in secondsĮnable a secure, remote desktop experience from anywhere With a protocol-filtering approach both hosts can prune back the amount of access being forwarded onwards.Explore some of the most popular Azure products On the first hop I want to give "B" access to keys "K1,K2" but then it wants to only give access to "K2" to C. For one thing it's flexible to allow for multiple hops. I also think the "filter" approach makes more sense than having truly separate ssh-agent binaries running. * As I mentioned in the PR, I was able to reuse a lot of the existing code for the agent protocol that already is compiled into the client. * Filtering rules can be easily managed as. Ultimately I thought that something built into the client was better overall for a couple reasons: It wouldn't be as bad if there was a way to make the ssh client manage the lifetime of the agent process itself (similar to Prox圜ommand or something) And I definitely looked into building something like that. > Of course, you still need to run a separate agent for each security domain you wish to keep separate. Of course, this means nothing if your access to your shell on a trustworthy server is compromised, but wholesale discounting this is not helping people. Computers which are shared with multiple people (think of a family) may have users who aren't as careful.Ī shell on a trustworthy provider such as SDF may be safer as a place to store keys and from which to run ssh-agent, so this scenario shouldn't be discounted. Work computers may have nefarious software on them. Windows computers, for instance, aren't trustworthy in the long term. There are many scenarios where a physically local computer is only trustworthy for the moment, and where this could change at any time. Second, if you're going to exclude every server on which anyone else has root, you're essentially excluding all hosting (except colocation), since essentially that means all computers you don't physically manage. Guardian Agent is a sort of hack that allows the agent to know (a), (b), and (c) before deciding whether to grant or deny the request, so the user can set up policies like, "I'd like to allow `semi-trusted host x` to use to run "git pull from " when talking to `git server z`, but that's it." The basic ssh-agent protocol just doesn't have enough info to be able to do something like that.įirst, the author writes as if shell servers with multiple people don't exist. If requests are coming from a semi-trusted intermediary host, the protocol doesn't tell the agent (a) "what remote server is being authenticated to ", or (b) "what command is going to be executed?" It doesn't even really know (c) "what (semi-trusted) host forwarded the challenge and is asking to authenticate to the remote server?" (although this one you can approximate today by running lots of agents and giving each local ssh command a different agent to forward requests to). The basic story is that ssh-agent really just exposes a primitive of "please sign this challenge," which is useful locally, but the protocol wasn't designed to be forwarded. ObPlug for Guardian Agent, which is basically "safe" ssh-agent forwarding (and works with Mosh and SSH):
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |