Tatu Ylonen writes:
(I'll forward your message to a couple of lists where it might be of interest; the original message is at end.)
I think you are right in your analysis. There is indeed a problem with RSA authentication. Basically what this means is that if you log into a corrupt host, that host can at the same time log into another host with your account (by fooling you into answering the request) provided that you use the same RSA identity for both hosts.
A workaround is to use a different identity for each host you use. The default identity can be specified on a per-host basis in the configuration file, or by -i options.
Might I suggest that a better solution would be to adapt the station to station protocol, or, even better, Photuris...

.pm
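A simplified model of the relay described in the quoted message and of the per-host-identity workaround, as an added example that is not part of the original thread. It uses toy RSA built from Mersenne primes and a hashed response; all names are assumptions and this is not the SSH wire protocol.

```python
import hashlib
import secrets

def make_key(p, q, e=65537):
    """Toy RSA identity from two primes (constructed values, no padding, not secure)."""
    return {"n": p * q, "e": e, "d": pow(e, -1, (p - 1) * (q - 1))}

def digest(value):
    return hashlib.sha256(str(value).encode()).hexdigest()

class Server:
    """Honest host that authorizes one public key for the account (hypothetical model)."""
    def __init__(self, authorized):
        self.n, self.e = authorized["n"], authorized["e"]

    def challenge(self):
        # Random secret encrypted to the authorized public key.
        self.secret = secrets.randbelow(self.n - 2) + 2
        return pow(self.secret, self.e, self.n)

    def verify(self, response):
        return response == digest(self.secret)

def client_answer(identity, ciphertext):
    """The user's client answers whatever challenge the host it logged into presents."""
    return digest(pow(ciphertext, identity["d"], identity["n"]))

def relayed_login_accepted(identity_shown_to_corrupt_host, target):
    """Corrupt host passes the target's challenge to the user and relays the answer."""
    forwarded = target.challenge()
    return target.verify(client_answer(identity_shown_to_corrupt_host, forwarded))

def compare_identity_policies():
    id_a = make_key(2**61 - 1, 2**89 - 1)    # identity used when logging into host A
    id_b = make_key(2**107 - 1, 2**127 - 1)  # identity reserved for host B
    # One identity everywhere: host B authorizes the key the user also uses at A.
    shared = relayed_login_accepted(id_a, Server(id_a))
    # Workaround: host B authorizes only id_b; corrupt host A only gets id_a answers.
    per_host = relayed_login_accepted(id_a, Server(id_b))
    return shared, per_host

if __name__ == "__main__":
    print(compare_identity_policies())
```

With a shared identity the relayed answer verifies at the second host; with per-host identities the answer is computed under the wrong key and is rejected.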