When I read this question about what gets signed with the private key by the client I wondered: What stops the following scenario from happening:
- A client connects to an SSH server.
- The SSH server knows that the client also has an account on a second SSH server. It connects to that second SSH server, providing the authentication challenge ("session identifier") of the second server to the client.
- The client signs the the authentication requests, sends it to the first SSH server.
- The first SSH server forwards the signed authentication request to the second SSH server and has access to the second SSH server.