Hacker News new | ask | show | jobs
by nocsi 1072 days ago
Yea, but there’s a security boundary wherein you don’t want the SSH host to be executing code in your environment. Of course, the attackers can backdoor sshd to log credentials, setup init scripts on the host to execute code every client login and other shenanigans.
1 comments
gunapologist99 1072 days ago
Of course. So it's not really that out of the question if you are using agent forwarding, so, yeah, this is a big deal.
link