from Hacker News

SSH caches keys of ongoing sessions in /tmp. Root can hijack, SSH to machine

by frogger8 on 2/28/23, 8:58 PM with 3 comments

• by theamk on 2/28/23, 10:10 PM

  Someone discovered either "ssh-agent" or ssh agent forwarding.

  I bet the next tweet from that account is: "Red Teamers: Check out ~/.ssh for user ssh keys! root user can hijack them and SSH to any machine the user can access"

• by gladiatr72 on 3/1/23, 1:27 AM

  Um. Yeah. That's kinda how that whole root thing works.