Hi Damien,
The restricted agent keys functionality sounds really interesting. Are there any plans to support embedding the restrictions in the keys themselves at some point? That would make this much easier to use, but it would require extending the key format and adding the appropriate parsing in ssh-agent or ssh-add.
Anyway, thanks for the great work.
--
Iain
On 1/6/22, 14:53, "openssh-unix-dev on behalf of Damien Miller" <openssh-unix-dev-bounces+iain.morgan=nasa.gov@xxxxxxxxxxx on behalf of djm@xxxxxxxxxxx> wrote:
Hi,
We've landed some fairly significant changes in OpenSSH recently and
would appreciate your help in testing them. The biggest of the changes
are:
1. Conversion of the ssh and sshd mainloop from select() to poll()
This should be entirely invisible to users, so any behaviour change
is a bug. If you see something and want to help debug it further,
uncomment the DEBUG_CHANNEL_POLL #define in channels.c for helps of
extra debug logging.
2. Restricted agent keys.
This is a large set of changes to add destination- and path-restricted
keys to ssh-agent. A full writeup is at on the website at
[snip]
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
