Using two agents
Damien Miller
djm at mindrot.org
Mon Jun 1 11:28:05 AEST 2015
On Sat, 30 May 2015, Kasper Dupont wrote:
> As far as I can tell when the ssh command uses an agent to
> authenticate to a server and then forwards an agent to that server, it
> will always use the same agent for both purposes.
>
> Has there been any attempt to make it possible for the ssh command
> to use two different agents, such that I can use one agent to
> authenticate and then forward a different agent to the server?
You could probably rig something up using the Unix domain socket
forwarding that was added a couple of releases ago.
More generally, I've long wanted the ability to restrict which keys are
made available through a forwarded-agent but doing so either requires
teaching ssh most of the agent protocol and moving ssh into the trust
path for agent keys, or a more substantial rearchitecture of how agents
are forwarded (giving each ssh a long-lived socket to the agent, or some
sort of cookie that stood for one instead of creating a socket on-demand).
-d
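
An added example, not part of the message above and not OpenSSH code: a sketch of the per-message filtering that a key-restricting component between the forwarded channel and the real agent would have to do, which also shows why that component ends up in the trust path for agent keys. The function names and the key blobs are hypothetical and constructed; message bodies are assumed to have already had their 4-byte length prefix removed.

```python
import struct

# Message numbers from the SSH agent protocol.
SSH_AGENT_FAILURE = 5
SSH_AGENTC_REQUEST_IDENTITIES = 11
SSH_AGENT_IDENTITIES_ANSWER = 12
SSH_AGENTC_SIGN_REQUEST = 13
FAILURE = bytes([SSH_AGENT_FAILURE])

def get_string(buf, off):
    """Read one SSH string (uint32 length + bytes); ValueError if truncated."""
    if off + 4 > len(buf):
        raise ValueError("truncated length")
    end = off + 4 + struct.unpack_from(">I", buf, off)[0]
    if end > len(buf):
        raise ValueError("truncated string")
    return buf[off + 4:end], end

def put_string(s):
    return struct.pack(">I", len(s)) + s

def filter_request(body, allowed):
    """Client -> agent. Returns (body_to_forward, reply_to_client); one is None."""
    if body == bytes([SSH_AGENTC_REQUEST_IDENTITIES]):
        return body, None
    if body[:1] == bytes([SSH_AGENTC_SIGN_REQUEST]):
        try:
            blob, _ = get_string(body, 1)
        except ValueError:
            return None, FAILURE
        if blob in allowed:
            return body, None
    # Default deny: add/remove/lock/extension requests and unlisted keys.
    return None, FAILURE

def filter_identities(body, allowed):
    """Agent -> client. Rewrites IDENTITIES_ANSWER to list only allowed keys."""
    if body[:1] != bytes([SSH_AGENT_IDENTITIES_ANSWER]):
        return body
    if len(body) < 5:
        raise ValueError("truncated key count")
    off, kept = 5, []
    for _ in range(struct.unpack_from(">I", body, 1)[0]):
        blob, off = get_string(body, off)
        comment, off = get_string(body, off)
        if blob in allowed:
            kept.append(put_string(blob) + put_string(comment))
    return body[:1] + struct.pack(">I", len(kept)) + b"".join(kept)

# Constructed sample data: opaque stand-ins for real public key blobs.
KEY_A, KEY_B = b"constructed-key-blob-A", b"constructed-key-blob-B"
```

Hiding a key from the identities listing is not enough on its own; the sign-request check is what actually stops a remote host from using a key whose blob it already knows.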