Re: Using two agents

On Sat, 30 May 2015, Kasper Dupont wrote:

> As far as I can tell when the ssh command uses an agent to
> authenticate to a server and then forwards an agent to that server, it
> will always use the same agent for both purposes.
>
> Has there been any attempt to make it possible for the ssh command
> to use two different agents, such that I can use one agent to
> authenticate and then forward a different agent to the server?

You could probably rig something up using the Unix domain socket
forwarding that was added a couple of releases ago.

More generally, I've long wanted the ability to restrict which keys are
made available through a forwarded-agent but doing so either requires
teaching ssh most of the agent protocol and moving ssh into the trust
path for agent keys, or a more substantial rearchitecture of how agents
are forwarded (giving each ssh a long-lived socket to the agent, or some
sort of cookie that stood for one instead of creating a socket on demand).

-d
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
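
What restricting keys on a forwarded agent involves at the protocol level, as an added example (not code from this message or from OpenSSH): the checks an intermediary between the forwarded channel and the agent would apply to each message body (type byte plus payload, after the uint32 length framing). The function names, the SHA-256 allow list and the sample key blobs are assumptions made for illustration.

```python
import hashlib
import struct

# Message numbers from the SSH agent protocol.
SSH_AGENTC_REQUEST_IDENTITIES = 11
SSH_AGENT_IDENTITIES_ANSWER = 12
SSH_AGENTC_SIGN_REQUEST = 13

def put_string(data):
    """SSH 'string': uint32 big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data

def get_string(buf, off):
    """Decode one SSH string at off; return (value, next_offset)."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    end = off + 4 + struct.unpack_from(">I", buf, off)[0]
    if end > len(buf):
        raise ValueError("truncated string")
    return buf[off + 4:end], end

def fingerprint(blob):
    return hashlib.sha256(blob).hexdigest()

def filter_identities(body, allowed):
    """Agent to client: rewrite an IDENTITIES_ANSWER to list only allowed keys."""
    if len(body) < 5 or body[0] != SSH_AGENT_IDENTITIES_ANSWER:
        return body  # other replies (e.g. sign responses) pass unchanged
    count, off, kept = struct.unpack_from(">I", body, 1)[0], 5, []
    for _ in range(count):
        blob, off = get_string(body, off)
        comment, off = get_string(body, off)
        if fingerprint(blob) in allowed:
            kept.append(put_string(blob) + put_string(comment))
    return body[:1] + struct.pack(">I", len(kept)) + b"".join(kept)

def may_forward(body, allowed):
    """Client to agent, default deny: listing keys is fine, signing only with
    an allowed key. Hiding a key from the listing is not enough, because the
    remote side can name any public key it already knows in a sign request."""
    if body[:1] == bytes([SSH_AGENTC_REQUEST_IDENTITIES]):
        return True
    if body[:1] == bytes([SSH_AGENTC_SIGN_REQUEST]):
        try:
            blob, _ = get_string(body, 1)
        except ValueError:
            return False
        return fingerprint(blob) in allowed
    return False  # add/remove/lock/extension requests are refused

# Constructed sample key blobs (placeholders, not real public keys).
LOGIN_KEY = put_string(b"ssh-ed25519") + put_string(b"\x01" * 32)
FORWARD_KEY = put_string(b"ssh-ed25519") + put_string(b"\x02" * 32)
ALLOWED = {fingerprint(FORWARD_KEY)}
```

A proxy built on this should fail closed: drop the connection if `filter_identities` raises `ValueError` on a malformed answer, and reply with an agent failure message whenever `may_forward` returns `False`.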



