Fabiano Fidêncio wrote: > > One obvious approach is to create a proxy agent which looks like an > > agent to all clients, but which also integrates with SPICE. > > This is a good solution, probably the best one. The main problem is > how to implement it. > We have two clear ways for adding a proxy agent. The proxy agent is not "added" but would run "in front of" the original local agent. In addition to simply proxying from clients to the original local agent, the proxy agent would be capable of communicating across SPICE. > One is with the SSH_AUTH_SOCK supporting a list of sockets, SSH_AUTH_SOCK could be dynamically changed to point to the proxy agent. > The other option would be extend the ssh-agent protocol to support a > few new operations (add/remove the proxy agent) and then we could just > do a ssh-add --proxy path/to/the/socket ... This seems unneccessary - just put the proxy agent in front of the original one. //Peter _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev