Re: [RFE] Multiple ssh-agent support

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On Sat, Sep 19, 2015 at 2:57 AM, Peter Stuge <peter@xxxxxxxx> wrote:
> Fabiano Fidêncio wrote:
>> > One obvious approach is to create a proxy agent which looks like an
>> > agent to all clients, but which also integrates with SPICE.
>>
>> This is a good solution, probably the best one. The main problem is
>> how to implement it.
>> We have two clear ways for adding a proxy agent.
>
> The proxy agent is not "added" but would run "in front of" the
> original local agent. In addition to simply proxying from clients to
> the original local agent, the proxy agent would be capable of
> communicating across SPICE.
>
>> One is with the SSH_AUTH_SOCK supporting a list of sockets,
>
> SSH_AUTH_SOCK could be dynamically changed to point to the proxy agent.

How could it be done dinamically for the whole session?
I mean, setting an env var for the whole DE session would require a
session restart (at least for GNOME).

>
>
>> The other option would be extend the ssh-agent protocol to support a
>> few new operations (add/remove the proxy agent) and then we could just
>> do a ssh-add --proxy path/to/the/socket ...
>
> This seems unneccessary - just put the proxy agent in front of the
> original one.

And here we have the problem to convince DE developers to set the
spice-agent as the first one ... actually, I don't think that would be
a problem for GNOME but may be a problem for any other DEs, I will try
to talk to them..
Hmm. Maybe it can be the best way to go, but I still have to do some
tests using kde/xfce and see the if I can ensure that the spice-agent
will run firstly and then that the ssh-agent will set
SSH_AUTH_SOCK=$SSH_AUTH_SOCK:/path/to/the/system/ssh/agent.


Best Regards,
--
Fabiano Fidêncio
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev




[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux