We just open sourced a new key management project for ssh to reduce risk of lateral movement https://medium.com/uber-security-privacy/introducing-the-uber-ssh-certificate-authority-4f840839c5cc#.hxvdrbcds …
as far as I can tell, the PAM module needs to be able to connect to a forwarded agent that permits it to sign random data?
yes. uber employees forward their agents to uber machines. ssh_config is managed. 1/2
standard ssh-agent advice still applies: don't forward your agent to an untrusted machine. 2/2