Re: Problems using RemoteForward for gpg-agent with multiple sessions

On Fri, 10 Jun 2022, Damien Miller wrote:
> Another possibility would be to have some %-expansion that expands to
> a random value that is long enough to be safely used as a temporary
> path.
>
> E.g. %R expanding to 24 base64 characters. You could use this to
> obtain effectively unique paths.

This would be a great solution.

To complete this option, how might the server determine the unique path?
I'm leaning towards SetEnv and updating it to understand
%-expansions. (If it doesn't already.)

  Host example
    RemoteForward /tmp/%R.sock /home/local/.gnupg/S.gpg-agent.extra
    SetEnv SSH_R_EXPANSION=%R

At the moment all %-expansions happen client-side, which is a nice and
simple design. The server could perform the %R expansion server-side if
that's the right approach, but it'd introduce a lot of new logic to the
server.

One other alternative to SetEnv would be to send the client-computed %R
as an SSH_CHANNEL_LARVAL state command, which is also involved.

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
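
An added example, not part of the original message or of OpenSSH: a client-side wrapper that emulates the proposed %R by generating the token itself and passing it through the existing RemoteForward and SetEnv options, using the paths and variable name from the config above. The function names and the `SSH` override are hypothetical; it assumes the server's sshd_config has `AcceptEnv SSH_R_EXPANSION`.

```shell
#!/bin/sh
# Added example: emulates the proposed %R expansion on the client.
# gen_token, valid_token, ssh_with_token and $SSH are illustrative names.

LOCAL_SOCK=${LOCAL_SOCK:-/home/local/.gnupg/S.gpg-agent.extra}

# 18 random bytes encode to exactly 24 base64 characters with no padding.
# '+' and '/' are mapped to '-' and '_' so the token is safe inside a path.
gen_token() {
    head -c 18 /dev/urandom | base64 | tr '+/' '-_' | tr -d '\n'
}

# Accept only a 24-character token made of path-safe characters, so nothing
# like "../" can reach the socket path or the environment variable.
valid_token() {
    case "$1" in
        *[!A-Za-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -eq 24 ]
}

# Open a session whose forwarded socket path is unique to this invocation.
# The same token is used for the socket name and for SSH_R_EXPANSION.
ssh_with_token() {
    host=$1
    shift
    tok=$(gen_token)
    valid_token "$tok" || return 1
    "${SSH:-ssh}" \
        -o "RemoteForward /tmp/$tok.sock $LOCAL_SOCK" \
        -o "SetEnv SSH_R_EXPANSION=$tok" \
        "$host" "$@"
}

# Usage (assumed host alias from the config above):
#   ssh_with_token example
```

In the remote session the forwarded socket is then `/tmp/$SSH_R_EXPANSION.sock`.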