Re: Informing the SSH agent of the target user@server

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On 2018-03-22 01:25, Peter Stuge wrote:
>> Or an intermediate forwarding ssh could insert a tag (2):
>>
>> - SSH_AGENTC_EXTENSION "forwarded-for@xxxxxxxxxxx" string("user2@host2")
>> - SSH_AGENTC_REQUEST_IDENTITIES
>>
>> (which would of course nest with multiple chained forwards, similar to
>> SMTP Received headers)
> 
> Since forwarding ssh processes just forward agent socket bytes
> without tracking the protocol state in that stream adding a packet
> isn't trivial.

It's reasonably trivial if the definition is that the forwarded-for
extension chain happens once when agent connections are opened. Then the
ssh process just needs to send the extension, wait for the reply
(whether positive or not-supported), eat it, and move on with forwarding
the remaining bytestream.

-- 
Hector Martin "marcan" (marcan@xxxxxxxxx)
Public Key: https://mrcn.st/pub
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux