On 2018-03-22 01:25, Peter Stuge wrote:
>> Or an intermediate forwarding ssh could insert a tag (2):
>>
>> - SSH_AGENTC_EXTENSION "forwarded-for@xxxxxxxxxxx" string("user2@host2")
>> - SSH_AGENTC_REQUEST_IDENTITIES
>>
>> (which would of course nest with multiple chained forwards, similar to
>> SMTP Received headers)
>
> Since forwarding ssh processes just forward agent socket bytes
> without tracking the protocol state in that stream adding a packet
> isn't trivial.

It's reasonably trivial if the definition is that the forwarded-for extension chain happens once when agent connections are opened. Then the ssh process just needs to send the extension, wait for the reply (whether positive or not-supported), eat it, and move on with forwarding the remaining bytestream.

-- 
Hector Martin "marcan" (marcan@xxxxxxxxx)
Public Key: https://mrcn.st/pub
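
The handshake described in the reply above, as an added example (not part of the original post and not OpenSSH code): the forwarding hop sends one extension request when the agent connection opens and consumes exactly one length-prefixed reply, so no bytes belonging to the forwarded client are swallowed. The extension name is kept as redacted in the archive; `announce_hop`, `demo` and the 256 KiB bound are assumptions, and the message numbers are from draft-miller-ssh-agent.

```python
import socket
import struct

# Message numbers from the SSH agent protocol (draft-miller-ssh-agent).
SSH_AGENT_FAILURE = 5
SSH_AGENT_IDENTITIES_ANSWER = 12
SSH_AGENTC_EXTENSION = 27
# Extension name exactly as it appears (address-redacted) in the archived post.
EXT_NAME = b"forwarded-for@xxxxxxxxxxx"
MAX_REPLY = 256 * 1024  # assumed sanity bound on the reply length

def ssh_string(data: bytes) -> bytes:
    return struct.pack(">I", len(data)) + data

def frame(body: bytes) -> bytes:
    """Agent messages are a uint32 length followed by that many bytes."""
    return struct.pack(">I", len(body)) + body

def read_exact(sock: socket.socket, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("agent closed the connection")
        buf += chunk
    return buf

def announce_hop(agent: socket.socket, who: bytes) -> int:
    """Send the tag once, eat exactly one reply frame, return its type byte."""
    body = bytes([SSH_AGENTC_EXTENSION]) + ssh_string(EXT_NAME) + ssh_string(who)
    agent.sendall(frame(body))
    (length,) = struct.unpack(">I", read_exact(agent, 4))
    if not 1 <= length <= MAX_REPLY:
        raise ValueError("implausible agent reply length")
    return read_exact(agent, length)[0]

def demo():
    """Constructed exchange: an agent that does not know the extension."""
    hop, agent = socket.socketpair()
    later = frame(bytes([SSH_AGENT_IDENTITIES_ANSWER]) + struct.pack(">I", 0))
    # Queue the agent's refusal plus a later, unrelated reply in one write.
    agent.sendall(frame(bytes([SSH_AGENT_FAILURE])) + later)
    reply_type = announce_hop(hop, b"user2@host2")
    sent = read_exact(agent, 4 + 1 + 4 + len(EXT_NAME) + 4 + len(b"user2@host2"))
    leftover = read_exact(hop, len(later))  # still intact for the client
    hop.close(); agent.close()
    return reply_type, sent, leftover

if __name__ == "__main__":
    print(demo())
```

A hop that read with a plain `recv()` instead of honouring the length prefix could consume part of the later reply and desynchronise the forwarded stream.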