On Fri, Sep 18, 2015 at 7:07 PM, Peter Stuge <peter@xxxxxxxx> wrote: > Fabiano Fidêncio wrote: >> A few possible solutions for this would involve a way to support more >> than one agent, talking to both (the local one and the spice one), >> merging then their responses and returning it to any application who >> sent the request. Note that would be really nice if we can limit it to >> do just some operations (like, ssh-add .ssh/id_rsa probably must not >> go to the spice agent). >> >> But how to do that? What could be a good approach for doing that? > > One obvious approach is to create a proxy agent which looks like an > agent to all clients, but which also integrates with SPICE. This is a good solution, probably the best one. The main problem is how to implement it. We have two clear ways for adding a proxy agent. One is with the SSH_AUTH_SOCK supporting a list of sockets, but it won't be dynamically. In other words, if I want to replace the spice-agent for another one, it would, most likely, require a session restart and it's not exactly good :-\ The other option would be extend the ssh-agent protocol to support a few new operations (add/remove the proxy agent) and then we could just do a ssh-add --proxy path/to/the/socket ... I am really would prefer to go for the second approach, but I really would like to hear, from you (ssh people), if it would be accepted and if I can proceed with the implementation. Best Regards, -- Fabiano Fidêncio _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev