On 30/05/15 20:41, Peter Stuge wrote:
If you really want to segregate credentials for different environments
The agent knows who is asking it about using a key, so you could
certainly have a single agent which applies a policy based on that.
No, it doesn't. For the ssh-agent, it's the same ssh(1) process both
times. The
difference lies in that the first time it is using it itself for
authentication and
the second one it is asking that on behalf of a remote untrusted process.
(OTOH the proposal from February that suggested a "received parameter",
would allow this kind of thing)
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev