Xshell Forum

Can I always force an Xagent password prompt

Last post: Wednesday, March 18, 2015 11:05 PM by Support, 3 reply

 
Friday, March 6, 2015 1:54 PM - Derrick

Can I always force an Xagent password prompt

 
When I'm using ssh keys and forwarding keys I know that if I manually close the close in Xagent i'll be prompted for the password. However, once it's open I don't get prompted again if it's re-used. Is there a way to force it to always prompt anytime a key is used?

This is important because a hacker could be sitting on one of the linux boxes and re-use my ssh auth socket if they've obtained root and use it to further auth against other machines. I'd like to make sure that everytime it's queried i have to type a password. So far I can't find this functionality in XAgent.

Program Ver. : Xshell 5
Sunday, March 8, 2015 7:09 PM - Support

Re: Can I always force an Xagent password prompt

 
One main purpose of Xagent is to allow you to prevent entering the same authentication process all the time. What you are trying to do is the opposite of this. Technically it shouldn't be hard to implement such feature but we should analyze if it does have any security benefits.

When the remote system is breached and say the hacker has root account now, then that means he can capture everything you type into the system too. Could you explain how typing the password out every time you login can increase security?

---
Technical Support
Wednesday, March 18, 2015 12:45 PM - Derrick

Re: Can I always force an Xagent password prompt

 
Let's say i'm using ssh key forwarding to access another system. There's a socket that's opened to pass that information on. If I'm not challenged each time to confirm when the key will be used, I won't know if the hacker is using my keys to further access other systems.

Ideally, for convenience sake, once I've entered my password into Xagent to open the keys, any time the key is used I'd like a button to popup so i can just confirm that it's okay to use it for further verification. I do like the convenience of XAgent, but alas, I have too many friends that are pen-testers now that are threatening to make me regret my choice of ssh clients.
Wednesday, March 18, 2015 11:05 PM - Support

Re: Can I always force an Xagent password prompt

 
I think you have valid point here. It will be useful to give users an option to be notified (and get confirmation) when key is used. I have already requested this feature to our developers (case # 3054).


---
Technical Support