Re: Forward only specific identities

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



It's possible to use a proxy to filter the SSH agent connections. I found
this https://github.com/tiwe-de/ssh-agent-filter, but it didn't meet our
exact needs to allow multiple users to share an identity so I implemented
https://github.com/blueboxgroup/sshagentmux.


-Dustin

On Sun, Mar 13, 2016 at 4:14 PM, Darren Tucker <dtucker@xxxxxxxxxx> wrote:

> On Sat, Mar 12, 2016 at 8:30 AM, Tim Spriggs <imoverclocked@xxxxxxxxx>
> wrote:
> > Hi OpenSSH peeps!
> >
> >   I have looked around a few man pages and the usual sources of
> > information but I can't seem to find a way to only forward specific
> > identities to some hosts. What I would really like to have is a way to
> > only forward the identity that gave me a successful auth:
>
> Right now ssh (which forwards the request to the agent) doesn't
> understand the agent protocol, so it can't differentiate.  It's
> something Damien has mentioned as something we'd like to add but I
> don't know of any concrete plans.
>
> In the mean time, you could use a separate agent for the key in
> question and point $SSH_AUTH_SOCK at the appropriate socket.
>
> --
> Darren Tucker (dtucker at zip.com.au)
> GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
>     Good judgement comes with experience. Unfortunately, the experience
> usually comes from bad judgement.
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev@xxxxxxxxxxx
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
>
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux