I'm currently dealing with what to do about key forwarding. We use a bastion host as a jumpbox between a secure DMZ and our office. With this, we use key forwarding. I know that those keys end up in /tmp/, and I have all forms of privilege escalation disabled for our users but... are there any extra steps I can take? What are people doing to really lock this stuff down?