SSH Agent Explained

393 points by sourishkrout about 5 years ago

14 comments

keithwinstein about 5 years ago
Thanks for this. Wanted to put in a pitch for Dima Kogan's more-secure way of doing ssh-agent forwarding: https://github.com/StanfordSNR/guardian-agent

It works with SSH and Mosh. The basic idea is that before agreeing to a request, the principal or their agent should know (a) what machine is asking, (b) what remote machine they want to connect to, and (c) what command line they want to run on the principal's behalf. And the principal's authorization should then be limited to that context.

The ssh-agent protocol doesn't give the agent *any* of that information; it's really just intended for local SSH-like processes to ask "please sign this blob so I can connect somewhere" without them having to see the plaintext private key. Forwarding that to untrusted remote machines isn't ideal.

It turns out an agent can get access to this information and limit the scope of authorization in a mostly[1] backwards-compatible way, which is how guardian-agent works, but imo it would be preferable if a future version of the SSH protocol were designed more expressly for secure agent forwarding.

[1] For (c), the remote server has to be OpenSSH because guardian-agent relies on a nonstandard extension.
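To make the "sign this blob" point concrete, here is an added example (not from the thread and not guardian-agent's code): a Python builder and parser for the agent protocol's SSH_AGENTC_SIGN_REQUEST, using constructed sample values. It shows that the agent receives only a key blob, a buffer to sign and flags, and that even decoding the buffer (the RFC 4252 userauth request) yields the session id, user name and service, but never the asking machine, the destination host or the command.

```python
import struct

# Message numbers: agent protocol (draft-miller-ssh-agent) and RFC 4252 userauth.
SSH_AGENTC_SIGN_REQUEST = 13
SSH_MSG_USERAUTH_REQUEST = 50

def ssh_string(b: bytes) -> bytes:
    """Encode an SSH 'string': uint32 big-endian length, then the bytes."""
    return struct.pack(">I", len(b)) + b

def read_string(buf: bytes, off: int):
    """Decode an SSH 'string' at offset; return (value, offset after it)."""
    (n,) = struct.unpack_from(">I", buf, off)
    return buf[off + 4:off + 4 + n], off + 4 + n

def build_sign_request(key_blob, session_id, user, pk_alg):
    """Constructed SSH_AGENTC_SIGN_REQUEST as an ssh client sends it, locally or
    through a forwarded socket. 'data' is the RFC 4252 section 7 buffer the
    server verifies the signature over. All sample values are made up."""
    data = (ssh_string(session_id) + bytes([SSH_MSG_USERAUTH_REQUEST])
            + ssh_string(user.encode()) + ssh_string(b"ssh-connection")
            + ssh_string(b"publickey") + b"\x01"          # boolean TRUE
            + ssh_string(pk_alg) + ssh_string(key_blob))
    body = (bytes([SSH_AGENTC_SIGN_REQUEST]) + ssh_string(key_blob)
            + ssh_string(data) + struct.pack(">I", 0))    # flags = 0
    return struct.pack(">I", len(body)) + body             # uint32 length framing

def parse_sign_request(msg: bytes) -> dict:
    """Everything an agent can learn from a sign request: key, buffer, flags,
    plus the session id, user and service found inside the buffer. No field
    says which machine is asking, which host it connects to, or what command
    will run: the context listed in the comment above is not on the wire."""
    (length,) = struct.unpack_from(">I", msg, 0)
    body = msg[4:4 + length]
    if body[0] != SSH_AGENTC_SIGN_REQUEST:
        raise ValueError("not a sign request")
    key_blob, off = read_string(body, 1)
    data, off = read_string(body, off)
    (flags,) = struct.unpack_from(">I", body, off)
    session_id, o = read_string(data, 0)
    if data[o] != SSH_MSG_USERAUTH_REQUEST:
        raise ValueError("data is not a userauth request")
    user, o = read_string(data, o + 1)
    service, o = read_string(data, o)
    method, o = read_string(data, o)
    return {"key_blob": key_blob, "flags": flags, "session_id": session_id,
            "user": user.decode(), "service": service.decode(), "method": method.decode()}
```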
rkeene2 about 5 years ago
One thing I like to do with the SSH Agent is also forward my X.509 certificates by adding new opcodes to the SSH Agent protocol, then you can do stuff like PKCS#11 on the remote side with your local smartcard. [0]

This gives you, among other things, passwordless but authenticated "sudo" capability (which is actually required by the DOD, though nobody does it).

[0] http://cackey.rkeene.org/fossil/artifact/0d0e90bbfdee672c?ln=296-312%20481-482%20561-563%20573-576
vagab0nd about 5 years ago
I regularly ssh into boxes with varying IPs. Something like "ssh -i <key> <user>@<ip>". Every time I want to scp a file, I quit the ssh session, press UP, modify the ssh command into an scp one, execute, then restore the ssh session. It's slow and annoying.

Does anyone know of a way to use scp without hassle, once an ssh session is established?
oxplot about 5 years ago
Something that's skimmed over in the article but not addressed is: if the key pair isn't used for encryption, then how are session keys protected?

The answer is: using the server's public key, which is transmitted to the client when establishing the connection.

But then it's trivial to perform a person-in-the-middle attack and both observe and manipulate the plain text data by sending the client the attacker's public key.

That's why it's crucial to retrieve host keys via secure channels and explicitly whitelist them on clients.
bogomipz about 5 years ago
The author states:

> "Later in the handshake process, a set of new, ephemeral and symmetric keys are generated and used to encrypt the SSH session traffic."

This isn't correct. After the TCP handshake, both systems agree on a session key by using the Diffie-Hellman key exchange. It's only after establishing a session key that user authentication takes place. There's a re-keying event, but that's not part of the initial handshake and only happens later when some threshold (time or blocks) has been reached.
dooglius about 5 years ago
The problem is that this breaks with use of tmux or similar tools, since the scope of the SSH session is often smaller than the scope of my doing something on a machine. I've moved to just having a limited-use key with access to dev machines and git on the hard drive of each machine I use, which covers the cases I care about.
ganstyles about 5 years ago
I restart my computer pretty infrequently and every time I do, I can't connect to various things. Inevitably I realize I didn't run ssh-add and after debugging, things work again once I have run this command. But I never really looked into the basics.

Thanks to this article I realize why I need to do that every time. :)
mkj about 5 years ago
SSH agent has other interesting possibilities too: it's an opaque channel from far server to your local machine; there must be various cool hacks you could do.

Years ago I wrote something to copy a file from a remote machine to my desktop over ssh-agent, which worked well back then. https://matt.ucc.asn.au/ssh-xfer/
nana- about 5 years ago
Thank you for the well done intro and the security risk implied with agent forwarding. I'd be curious how to actually sign with the ssh-agent, as you mentioned it. I'd also like to know, if the OS at login automatically decrypts the default private key for later use, e.g. pushing to github, what the risk would be. Would there be another preferred behaviour?
lisper about 5 years ago
A pithy way of explaining all this: ssh-agent is exactly like a U2F token but implemented in software and using a slightly different protocol. But both do the same thing and serve the same purpose.
volodymyrs about 5 years ago
What I am missing is why ever use ssh agent, including any re-enforced variations, if ProxyJump has none of the ssh agent issues and has little to no other disadvantages?
ncmncm about 5 years ago
Cool, didn't know about -J! I have been using dodgy port forwarding all this time.

Now I just need to set up my Somu, and I will be living in 2020.
gbin about 5 years ago
Nit: The TL;DR is what is called an introduction.
skookum-skuad about 5 years ago
I skip ssh-agent and use gpg-agent instead, which does both ssh and gpg agenting. Combined with monkeysphere, I store ssh private keys in gpg rather than in the encrypted ssh format.