PuTTY wish pageant-key-confirm

This is a mirror. Follow this link to find the primary PuTTY web site.

Home | FAQ | Feedback | Licence | Updates | Mirrors | Keys | Links | Team
Download: Stable · Snapshot | Docs | Changes | Wishlist

summary: Option to require confirmation of key use in Pageant
class: wish: This is a request for an enhancement.
difficulty: tricky: Needs many tuits.
depends: pageant-named-pipe
priority: medium: This should be fixed one day.

Currently, SSH agent forwarding with Pageant is a fairly extreme trade-off of security against convenience; allowing a remote server to access your agent means that it can make use of any of the keys held by your agent any number of times without any confirmation or notification to you.

A different trade-off would be to require confirmation from the local user when a signature is requested for some or all keys. (OpenSSH's agent supports this with ssh-add -c, which requests confirmation with SSH_ASKPASS.)

As with most of these sorts of features, this depends on pageant-named-pipe in Windows Pageant.

If you want to comment on this web site, see the Feedback page.
Audit trail for this wish.
(last revision of this bug record was at 2017-04-28 16:52:45 +0100)