Gentoo Forums
keychain / authentication-forwarding security question
Forum: Networking & Security
6169 (n00b)
Joined: 08 Mar 2003
Posts: 7

Posted: Mon Mar 10, 2003 1:36 am    Post subject: keychain / authentication-forwarding security question

Just discovered ssh-keygen, ssh-agent, and keychain (lol, roughly in that order, within about an hour of each other) the other day. I had been using ssh conventionally with regular passwords for some time. Besides the fact that using keypairs is just plain cool, it's more secure and convenient, especially with keychain.

I understand that using keychain and ssh's authentication-forwarding ability is more secure than running ssh-agent on untrusted machines. However, the OpenSSL manpages offer the following cheerfully ominous warning:


Agent forwarding should be enabled with caution. Users with the ability to bypass file permissions on the remote host (for the agent's Unix-domain socket) can access the local agent through the forwarded connection. An attacker cannot obtain key material from the agent, however they can perform operations on the keys that enable them to authenticate using the identities loaded into the agent.


Roughly, this means that it is technically possible for a user with root on the box I am logging into to hijack my keychain? Is this feasibly accomplished? Should I then avoid using authentication forwarding when logging into remote boxes where I don't trust the sysadmin at all?
neilhwatson (l33t)
Joined: 06 Feb 2003
Posts: 719
Location: Canada

Posted: Mon Mar 10, 2003 2:14 pm

I can't say for sure if this is possible, but if you don't trust the person or persons with root access on a machine that you are using, then I'd say this is the least of your problems. If you can't trust them, then you can't trust ANY aspect of that system.
_________________
The true guru is a teacher.
Neil Watson
6169 (n00b)
Joined: 08 Mar 2003
Posts: 7

Posted: Mon Mar 10, 2003 4:24 pm

That is very true. It just seems that logging in using my public key on the 'untrusted' machine should be safe, since my private key or passphrase never exists on that system or is passed on the network. However, using ForwardAgent would then make this dangerous?
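What the quoted manpage warning amounts to, as an added worked example (editor's code, not from the thread, the manpage or OpenSSH): a minimal client for the ssh-agent protocol that does exactly what a root user on the remote host could do with the forwarded socket, talking to a constructed stand-in agent so the whole thing runs offline. The socket path, key blob, comment and "secret" are made up for the demo; on a real host the socket is the one named in $SSH_AUTH_SOCK (something like /tmp/ssh-XXXX/agent.NNN), and the sign request travels back through the forwarded channel to the real ssh-agent on your own machine.

```python
"""ssh-agent protocol client plus a constructed stand-in agent (added example, not from the thread or OpenSSH)."""
import hashlib
import shutil
import socket
import struct
import tempfile
import threading

# Message numbers from the ssh-agent protocol (draft-miller-ssh-agent).
SSH_AGENT_FAILURE = 5
SSH_AGENTC_REQUEST_IDENTITIES = 11
SSH_AGENT_IDENTITIES_ANSWER = 12
SSH_AGENTC_SIGN_REQUEST = 13
SSH_AGENT_SIGN_RESPONSE = 14

def _string(data: bytes) -> bytes:
    """Encode an SSH 'string': uint32 big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def _read_string(buf: bytes, off: int):
    """Decode an SSH 'string' at offset off; return (value, next_offset)."""
    (n,) = struct.unpack_from(">I", buf, off)
    return buf[off + 4:off + 4 + n], off + 4 + n

def _recv_msg(sock: socket.socket) -> bytes:
    """Agent messages are framed as uint32 length + (type byte || payload); returns type byte + payload."""
    f = sock.makefile("rb")  # buffered reads block until exactly n bytes arrive
    (length,) = struct.unpack(">I", f.read(4))
    return f.read(length)

def agent_request(sock_path: str, msg_type: int, payload: bytes = b"") -> bytes:
    """Open the agent's Unix socket, send one request, return the reply (type byte + body)."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.connect(sock_path)
        body = bytes([msg_type]) + payload
        s.sendall(struct.pack(">I", len(body)) + body)
        return _recv_msg(s)

def list_identities(sock_path: str):
    """SSH_AGENTC_REQUEST_IDENTITIES -> [(public_key_blob, comment), ...]."""
    reply = agent_request(sock_path, SSH_AGENTC_REQUEST_IDENTITIES)
    if reply[0] != SSH_AGENT_IDENTITIES_ANSWER:
        raise RuntimeError("unexpected reply type %d" % reply[0])
    (count,) = struct.unpack_from(">I", reply, 1)
    off, keys = 5, []
    for _ in range(count):
        blob, off = _read_string(reply, off)
        comment, off = _read_string(reply, off)
        keys.append((blob, comment.decode()))
    return keys

def sign_with_agent(sock_path: str, key_blob: bytes, data: bytes) -> bytes:
    """SSH_AGENTC_SIGN_REQUEST: the agent signs data with the key named by key_blob."""
    payload = _string(key_blob) + _string(data) + struct.pack(">I", 0)  # flags = 0
    reply = agent_request(sock_path, SSH_AGENTC_SIGN_REQUEST, payload)
    if reply[0] != SSH_AGENT_SIGN_RESPONSE:
        raise RuntimeError("agent refused to sign (reply type %d)" % reply[0])
    return _read_string(reply, 1)[0]

def serve_fake_agent(sock_path: str, identities: dict, requests: int) -> None:
    """Constructed stand-in for ssh-agent: identities maps key_blob -> (comment, secret);
    answers `requests` connections on a daemon thread and refuses keys it does not hold."""
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(sock_path)
    srv.listen(1)
    def handle(conn: socket.socket) -> None:
        with conn:
            msg = _recv_msg(conn)
            body = bytes([SSH_AGENT_FAILURE])
            if msg[0] == SSH_AGENTC_REQUEST_IDENTITIES:
                body = bytes([SSH_AGENT_IDENTITIES_ANSWER]) + struct.pack(">I", len(identities))
                for blob, (comment, _secret) in identities.items():
                    body += _string(blob) + _string(comment.encode())
            elif msg[0] == SSH_AGENTC_SIGN_REQUEST:
                blob, off = _read_string(msg, 1)
                data, _ = _read_string(msg, off)
                if blob in identities:  # fake signature: digest over a secret the client never sees
                    body = bytes([SSH_AGENT_SIGN_RESPONSE]) + _string(hashlib.sha256(identities[blob][1] + data).digest())
            conn.sendall(struct.pack(">I", len(body)) + body)
    def run() -> None:
        with srv:
            for _ in range(requests):
                handle(srv.accept()[0])
    threading.Thread(target=run, daemon=True).start()

def demo():
    """Constructed scenario: a process on the remote host reaches the forwarded agent socket."""
    tmpdir = tempfile.mkdtemp(prefix="ssh-")
    sock_path = tmpdir + "/agent.1234"  # same naming as a real forwarded socket under /tmp
    secret, blob = b"private-key-material-that-never-leaves-the-agent", b"ssh-ed25519-demo-public-key-blob"
    serve_fake_agent(sock_path, {blob: ("user@laptop", secret)}, requests=3)
    keys = list_identities(sock_path)                                  # enumerate loaded keys
    sig = sign_with_agent(sock_path, keys[0][0], b"server-challenge")  # use one without holding it
    try:
        sign_with_agent(sock_path, b"not-loaded", b"x")
        refused = False
    except RuntimeError:
        refused = True                                                 # SSH_AGENT_FAILURE path
    shutil.rmtree(tmpdir)
    return keys, sig == hashlib.sha256(secret + b"server-challenge").digest(), refused
```

Run it and the client gets the identity list and a signature over data it chose, but never the secret; that is the whole risk: for as long as the forwarded connection is up, root on that host can authenticate as you to any server that trusts the key. The practical choices are to leave ForwardAgent off (the default) for hosts whose root you don't trust, to use ProxyJump (ssh -J) when you only need to hop through such a host so the key is used from your own machine, and to load keys with ssh-add -c so the agent asks for confirmation on every signing request.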