From owner-freebsd-security Sat Jun 2 10:36: 5 2001 Delivered-To: freebsd-security@freebsd.org Received: from crate.alongtheway.com (crate.alongtheway.com [208.176.94.56]) by hub.freebsd.org (Postfix) with ESMTP id 7CAF137B624 for ; Sat, 2 Jun 2001 10:35:56 -0700 (PDT) (envelope-from jamesb-freebsd-security@alongtheway.com) Received: (qmail 10574 invoked from network); 2 Jun 2001 17:35:51 -0000 Received: from localhost (HELO 5812-213.024.popsite.net) (nobody@127.0.0.1) by localhost with DES-CBC3-SHA encrypted SMTP; 2 Jun 2001 17:35:51 -0000 Received: (qmail 24170 invoked by user); 2 Jun 2001 17:35:43 -0000 Date: Sat, 2 Jun 2001 17:35:43 +0000 From: Jim Breton To: security@FreeBSD.org Subject: Re: Apache Software Foundation Server compromised, resecured. (fwd) Message-ID: <20010602173543715890.4895@alongtheway.com> Mail-Followup-To: security@FreeBSD.org References: <20010602155302.A56136@mail.webmonster.de> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: ; from rwatson@FreeBSD.org on Sat, Jun 02, 2001 at 10:06:30AM -0400 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Sat, Jun 02, 2001 at 10:06:30AM -0400, Robert Watson wrote: > For example, you can imagine enabling SSH > agent forwarding when logging in as yourname@somehost, but disabling it > when logging in as ftp@somehost. Likewise, requiring different keys for > yourname@host:8080, with different policy. What about making several aliases in .ssh/config, e.g.: Host yourname Hostname somehost User yourname Port 8080 IdentityFile ~/.ssh/id_yourname ForwardAgent yes Host ftp Hostname somehost User ftp Port 6666 IdentityFile ~/.ssh/id_ftp ForwardAgent no To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message