Home
 |
FAQ
 |
Feedback
 |
Licence
 |
Updates
 |
Mirrors
 |
Keys
 |
Links
 |
Team
Download:
Stable
 ·
Snapshot
 |
Docs
 |
Changes
 |
Wishlist
Currently, SSH agent forwarding with Pageant is a fairly extreme trade-off of security against convenience; allowing a remote server to access your agent means that it can make use of any of the keys held by your agent any number of times without any confirmation or notification to you.
A different trade-off would be to require confirmation from the local user when a signature is requested for some or all keys. (OpenSSH's agent supports this with ssh-add -c, which requests confirmation with SSH_ASKPASS.)
As with most of these sorts of features, this depends on pageant-named-pipe in Windows Pageant.