[ET Trac] [Einstein Toolkit] #605: Simfactory does not find the right 'path' for symlinked cactus directories
Einstein Toolkit
trac-noreply at einsteintoolkit.org
Tue Aug 13 07:13:42 CDT 2013
#605: Simfactory does not find the right 'path' for symlinked cactus directories
-------------------------+--------------------------------------------------
Reporter: knarf | Owner: eschnett
Type: defect | Status: review
Priority: minor | Milestone:
Component: SimFactory | Version: development version
Resolution: | Keywords:
-------------------------+--------------------------------------------------
Comment (by hinder):
If you have a private key on machine A, and log in to machine B with
agent-forwarding, so that you can then log in to machine C from B, then
you give machine B the ability to authenticate using your private key to
any other system. If machine B is compromised, this is a security
vulnerability which is worse than logging into machine C directly. Note
that your key itself is not compromised, as the key never leaves machine
A. But the agent on machine A can be instructed by machine B to
authenticate data using your private key on machine A for the duration of
your session on A. This is why agent-forwarding to machines where you do
not 100% trust root (or that root has been compromised) has a higher risk.
I do it anyway, but only when I need to; i.e. I don't have agent-
forwarding on by default, I use "-A' when I am going to need it.
--
Ticket URL: <https://trac.einsteintoolkit.org/ticket/605#comment:24>
Einstein Toolkit <http://einsteintoolkit.org>
The Einstein Toolkit
More information about the Trac
mailing list