When using SSH agent forwarding, your private key is absolutely not compromised if the host you connect to is compromised. All that happens when forwarding is that a socket is set up so that the forwarding host can proxy any authentication actions back to your home host (the one with the private key).
The root user on the forwarding machine should be trusted because they can monitor the contents of the agent socket while your connection is active, being able to eavesdrop on communications, but since your private key never leaves your own host, there's no way it could be leaked.
The fact that your private key is never transmitted is one of the core strengths of asymmetric keys. Did you think you were leaking your private key to any server you SSH'd to?
Hum, I think you're missing some detail too. When agent forwarding is active, root can use that listening socket to authenticate evil connections while you're logged into that machine. I'm actually surprised OpenSSH doesn't yet print a large warning when you go to connect and forwarding is enabled.
All Mallory must do is rifle through your known_hosts (or bash_history if hashing is enabled), wait for you to connect, then su to your account, fix up the environment, and SSH to some boxes of yours, and update your authorized_keys there to let him connect while you're offline, or starting up a quick background netcat and disconnecting.
This requires no magic tools, and syslog/lastlog on the remote machine won't show much of interest, especially if you're like me and rely on logging in multiple times "quickshot" to remote hosts; except for remote host names, the lastlog is basically unreadable already.
I'm actually surprised OpenSSH doesn't yet print a large warning when you go to connect and forwarding is enabled.
Agent forwarding is not enabled by default, so if you've turned it on, you should know what you're doing. It should only be enabled in ~/.ssh/config per-host, for hosts that you trust.
You should also enable confirmation in ssh-agent so that whenever a key is used, you must manually confirm it. It will prevent attacks like this where another user on a compromised machine will use your agent to log in to another machine.
I wrote about doing this on OS X, but it works similarly on any other platform - http://jcs.org/macssh
Nice approach, modulo the usual problems with dialogs popping up while you're typing (it seems spacebar would confirm that dialog in your post).
I no longer use agent forwarding. For config changes I prefer keeping "smarts" close to home and away from production, and in most cases do dumb pushes via rsync/SSH, rather than those machines ever having direct access to revision control, etc.
That assumes, say, users not inheriting ~/.ssh/config files, or having one configured for them by a site administrator.
Just because a configuration needs to be added to a file doesn't mean that everyone using that config has added it themselves, or understands the implications.
Seems that an agent notification of auth requests would help mitigate some of the risks here.
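An added example, not code from anyone in this thread: a small audit for the two points above, that forwarding should be enabled per-host only and that a user may inherit a config they never wrote. The function names and the sample file are constructed for illustration; the parser is a heuristic that does not follow Include directives.

```shell
#!/bin/sh
# Added example: report where an ssh_config file turns on agent forwarding.
# Returns 1 if ForwardAgent is enabled globally or under a wildcard Host.

audit_forward_agent() {
    awk '
    BEGIN { scope = "(global)"; broad = 1; rc = 0 }
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        if (line == "" || line ~ /^#/) next       # skip blanks and comments
        if (!match(line, /[ \t=]+/)) next         # keyword<sep>argument
        key = tolower(substr(line, 1, RSTART - 1))
        val = substr(line, RSTART + RLENGTH)
        sub(/[ \t]+$/, "", val); gsub(/"/, "", val)
        if (key == "host") {
            scope = "Host " val; broad = (val ~ /[*?]/)
        } else if (key == "match") {
            scope = "Match " val; broad = (tolower(val) == "all")
        } else if (key == "forwardagent" && tolower(val) != "no") {
            # any value other than "no" (yes, a socket path, $VAR) forwards
            printf "%s line %d: %s\n", (broad ? "BROAD" : "scoped"), NR, scope
            if (broad) rc = 1
        }
    }
    END { exit rc }' "$1"
}

# Constructed sample: the kind of file a user might inherit from a site admin.
sample_config() {
    cat <<'EOF'
# site defaults (constructed for this example)
Host bastion.example.org
    ForwardAgent yes
Host *.example.org
    User deploy
    forwardagent=yes
Host *
    ForwardAgent no
EOF
}

# Run as a script: ./audit.sh ~/.ssh/config
if [ "$#" -gt 0 ]; then audit_forward_agent "$1"; fi
```

To see the value OpenSSH actually resolves for one destination, `ssh -G hostname | grep -i forwardagent` prints the effective setting. Loading keys with `ssh-add -c` turns on the per-use confirmation mentioned above.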
Nice work. This taps straight into a game mechanic most people already have ingrained into them. Really addictive for a marketing game.
Two suggestions:
- Size up the images to be a greater percentage of the containing space. With a high resolution people are going to be squinting to figure out the products.
- After the user loses, show them what they got wrong - it's pretty unsatisfying not to see where you went wrong, and it's the behaviour people expect from the "price is right" mechanic. From your point of view, it's also an additional time to plug links.
In setting up the model, the birth rate is given as a constant (capital pi). Clearly the birth rate should be proportional to the number of survivors S.
This doesn't materially alter the thrust of the argument, which presupposes a short outbreak with pi := 0 anyway, but does negate the conclusion of the first section, that "an outbreak of zombies will lead to the collapse of civilisation, as large numbers of people are either zombified or dead."
In reality, the first ODE just states that the sum of (living+zombies+dead) only increases when new humans are born.