Use agent forwarding instead of password-less keys

[turicas]

Currently we're using password-less SSH keys to make the connection from the remote to the local machine (using the back-channel). This is not secure since if the remote machine is compromised anyone can connect in your local machine using that key.
We should change this behaviour to use agent forwarding.
More about this in these reddit comments:

• http://www.reddit.com/r/linux/comments/xnjnn/sbc_use_ssh_like_a_boss/c5o2671
• http://www.reddit.com/r/sysadmin/comments/xnkfp/sbc_use_ssh_like_a_boss/c5o63uv

[turicas]

If I connect on the remote machine using:

ssh -A remote-user@remote-host

and my public key is in the local file ~/.ssh/authorized_keys, then in the remote machine I can connect in local machine without my private key being there -- the problem with this approach is that I can, in remote machine, use my private key for anything (since the agent was forwarded) so I'm vulnerable if the remote machine is compromised.

[flavioamieiro]

I think maybe sbc should just leave the key management to the user. If the user wants, she can use ssh-agent in the remote machine, use ssh-agent forwarding or even authenticate using passwords if that's what she wants. This, of course, means sbc could be very annoying depending on the chosen authentication method, but perhaps it should be the user's choice.

P.s.: Of course the documentation should still point to a secure and simple authentication method.