On Sat, 30 May 2015, Kasper Dupont wrote:

> As far as I can tell when the ssh command uses an agent to
> authenticate to a server and then forwards an agent to that server, it
> will always use the same agent for both purposes.
>
> Has there been any attempt to make it possible for the ssh command
> to use two different agents, such that I can use one agent to
> authenticate and then forward a different agent to the server?

You could probably rig something up using the Unix domain socket
forwarding that was added a couple of releases ago.

More generally, I've long wanted the ability to restrict which keys are
made available through a forwarded-agent but doing so either requires
teaching ssh most of the agent protocol and moving ssh into the trust
path for agent keys, or a more substantial rearchitecture of how agents
are forwarded (giving each ssh a long-lived socket to the agent, or
some sort of cookie that stood for one instead of creating a socket
on-demand).

-d
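Added example, not part of the original post and not code from the OpenSSH project: one way to rig up the two-agent arrangement with Unix domain socket forwarding, authenticating with one agent while exposing a different agent's socket on the server. The function name `two_agent_ssh`, the `DRY_RUN` switch, and all paths and host names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. All paths and the host name are hypothetical placeholders.
#
# two_agent_ssh AUTH_SOCK FWD_SOCK REMOTE_SOCK HOST [ssh args...]
#   AUTH_SOCK    local agent used only to authenticate to HOST
#   FWD_SOCK     local agent whose keys HOST may ask to sign with
#   REMOTE_SOCK  socket path sshd creates on HOST (sshd's StreamLocalBindMask
#                default of 0177 leaves it accessible to the owner only)
# Set DRY_RUN=1 to print the command instead of running it.
two_agent_ssh() {
    if [ "$#" -lt 4 ]; then
        echo "usage: two_agent_ssh AUTH_SOCK FWD_SOCK REMOTE_SOCK HOST [args]" >&2
        return 2
    fi
    auth_sock=$1 fwd_sock=$2 remote_sock=$3 host=$4
    shift 4

    # Same socket for both roles is exactly the behaviour being avoided.
    if [ "$auth_sock" = "$fwd_sock" ]; then
        echo "refusing: authentication and forwarded agent are the same" >&2
        return 3
    fi
    for s in "$auth_sock" "$fwd_sock"; do
        if [ ! -S "$s" ]; then
            echo "not a Unix socket: $s" >&2
            return 4
        fi
    done

    # ForwardAgent=no: the authentication agent is never exposed to HOST.
    # -R remote:local: Unix domain socket forwarding (OpenSSH 6.7 and later).
    # ExitOnForwardFailure=yes: fail rather than log in without the forward,
    # e.g. when a stale REMOTE_SOCK from an earlier session still exists.
    set -- env "SSH_AUTH_SOCK=$auth_sock" ssh \
        -o ForwardAgent=no \
        -o ExitOnForwardFailure=yes \
        -R "$remote_sock:$fwd_sock" \
        "$host" "$@"
    if [ -n "${DRY_RUN:-}" ]; then
        printf '%s\n' "$*"
        return 0
    fi
    "$@"
}
```

On the server, pointing `SSH_AUTH_SOCK` at the REMOTE_SOCK path makes `ssh-add -l` and onward `ssh` connections see only the keys held by the FWD_SOCK agent. Any process on the server that can open that socket can request signatures from that agent for as long as the session lasts, so the forwarded agent should hold only the keys intended for onward use.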