Agent Forwarding and (Crypto-Tunnel-Interrupting) Proxies / Jump Hosts

Hello, today our remote access to a platform got switched from direct SSH over to an "audit capable" proxy (read: supposedly decrypts and re-encrypts the data passing through), which makes it necessary that we always forward the agent so that the proxy -> target SSH connection can get authenticated as well. I noticed two side effects and would like to ask whether there are possibilities to address them:

1. Adding "ForwardAgent yes" to the relevant ~/.ssh/config entries works for "ssh", but I still have to use an explicit "-A" with "scp" and "sftp". I presume that that's intentional? If so, would it be possible to add support for something like "ForwardAgent always"? (I'm using the Fedora-40-supplied "OpenSSH_9.6p1, OpenSSL 3.2.2 4 Jun 2024".)

2. Since the proxy is not under our control, the agent now *always* gets forwarded all the way to the target host, which most often is *not* desirable. (Alas, we *sometimes* need that functionality, though.) Sure, I can try to "unset SSH_AUTH_SOCK", delete the actual socket, try to weaponize "ChannelTimeout agent-connection=5s", and *I* am using "-c" with "ssh-add" anyway, but. Is there a way to properly disconnect/expire the local agent from an *ongoing* / freshly-successfully-established SSH connection? Preferably in an automated way (rather than, say, typing a tilde escape) ... ?

Thanks in advance,
--
Jochen Bern
Systemingenieur

Binect GmbH

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
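The post turns on which hosts end up with agent forwarding enabled, and a per-host "ForwardAgent yes" next to a catch-all "Host *" block is exactly the kind of thing that is easy to get wrong. The following is an added example, not code from the poster or from the OpenSSH project: a small audit script that parses a client ssh_config, applies ssh(1)'s first-obtained-value-wins rule and Host pattern semantics ("*", "?" and "!" negation), and reports for a list of hostnames whether the agent would be forwarded, plus any wildcard block that enables forwarding. The config text and hostnames are constructed for the example; Match blocks are deliberately skipped.

```python
import re

# Constructed sample client config; not the poster's real ~/.ssh/config.
SAMPLE_CONFIG = """
# Audit proxy that terminates and re-establishes the SSH session
Host audit-proxy
    HostName proxy.example.invalid
    User jdoe
    ForwardAgent yes
    ChannelTimeout agent-connection=5s

Host *.internal.example.invalid !bastion.internal.example.invalid
    ForwardAgent no

Host *
    ForwardAgent yes
"""

# ssh_config accepts "Keyword value" as well as "Keyword=value".
KEYWORD_RE = re.compile(r"^([A-Za-z]+)(?:\s*=\s*|\s+)(.*)$")


def parse_ssh_config(text):
    """Split an ssh_config into (host_patterns, options) blocks in file order.

    Directives before the first Host line apply to every host, so they are
    collected under an implicit 'Host *' block.  Within a block the first
    occurrence of a keyword wins, as in ssh(1).  Match blocks are out of
    scope here and are recorded with an empty pattern list (never applies).
    """
    blocks = []
    patterns, options = ["*"], {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):      # blank or comment line
            continue
        m = KEYWORD_RE.match(line)
        if not m:
            continue                                # tolerate unknown syntax
        key, value = m.group(1).lower(), m.group(2).strip()
        if key in ("host", "match"):
            if options:
                blocks.append((patterns, options))
            patterns = value.split() if key == "host" else []
            options = {}
        else:
            options.setdefault(key, value)
    if options:
        blocks.append((patterns, options))
    return blocks


def host_matches(patterns, host):
    """ssh(1) Host semantics: '*' and '?' wildcards; a matching negated ('!')
    pattern disqualifies the whole block even if a positive pattern matches."""
    matched = False
    for pat in patterns:
        negate = pat.startswith("!")
        body = pat[1:] if negate else pat
        regex = "^" + re.escape(body).replace(r"\*", ".*").replace(r"\?", ".") + "$"
        if re.match(regex, host):
            if negate:
                return False
            matched = True
    return matched


def effective_option(blocks, host, keyword, default=None):
    """Return the first obtained value for keyword, as ssh(1) would."""
    keyword = keyword.lower()
    for patterns, options in blocks:
        if host_matches(patterns, host) and keyword in options:
            return options[keyword]
    return default


def agent_forwarding_audit(text, hosts):
    """Map each host to whether the agent would be forwarded (ForwardAgent
    defaults to 'no'; any other value, including a socket path, enables it)
    and list blocks that enable forwarding under a wildcard pattern."""
    blocks = parse_ssh_config(text)
    per_host = {h: effective_option(blocks, h, "ForwardAgent", "no").lower() != "no"
                for h in hosts}
    wildcard_enabled = [" ".join(p) for p, o in blocks
                        if o.get("forwardagent", "no").lower() != "no"
                        and any(("*" in x or "?" in x) and not x.startswith("!") for x in p)]
    return per_host, wildcard_enabled


if __name__ == "__main__":
    hosts = ["audit-proxy", "db1.internal.example.invalid",
             "bastion.internal.example.invalid", "random.example.invalid"]
    per_host, wild = agent_forwarding_audit(SAMPLE_CONFIG, hosts)
    for h, enabled in per_host.items():
        print(f"{h:40s} ForwardAgent={'yes' if enabled else 'no'}")
    if wild:
        print("wildcard blocks enabling agent forwarding:", wild)
```

The real client remains the authority: `ssh -G <host>` prints the options ssh would actually use, including ForwardAgent, so the script's output should be checked against it before trusting it for a config with Match blocks or other syntax the parser skips.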
