Restricting SSH agent keys

Post Syndicated from original https://lwn.net/Articles/880458/rss

The OpenSSH suite of tools for secure remote logins is used widely within our communities; it also underlies things like remote Git repository access. A recent experimental feature for the upcoming OpenSSH 8.9 release will help close a security hole that can be exploited by attacker-controlled SSH servers (e.g. sshd) when the user is forwarding authentication to a local ssh-agent. Instead of allowing the keys held in the agent to be used for authenticating to any host where they might work, SSH agent restriction will allow users to specify where and how those keys can be used.