Исходное сообщение
"Удалённо эксплуатируемая уязвимость в OpenSSH ssh-agent" Отправлено крокодил мимо.., 23-Июл-23 14:29
в дополнение - дефолтные настройки ssh для OpenBSD: $ grep -iE "agent|forward"  /etc/ssh/ssh_config #   ForwardAgent no #   ForwardX11 no и ман, что характерно, отдельно предупреждает любителей экспериментов: $ man ssh_config **      ForwardAgent              Specifies whether the connection to the authentication agent (if              any) will be forwarded to the remote machine.  The argument may              be yes, no (the default), an explicit path to an agent socket or              the name of an environment variable (beginning with `$') in which              to find the path.              Agent forwarding should be enabled with caution.  Users with the              ability to bypass file permissions on the remote host (for the              agent's Unix-domain socket) can access the local agent through              the forwarded connection.  An attacker cannot obtain key material              from the agent, however they can perform operations on the keys              that enable them to authenticate using the identities loaded into              the agent. думаю, что дефолт у многих аналогичен..