Is there any solution, or even work on, limiting which keys gets forwarded where?

Ángel González keisial at
Thu Oct 22 08:31:02 AEDT 2015

On 20/10/15 16:00, hubert depesz lubaczewski wrote:
> On Tue, Oct 20, 2015 at 09:33:46AM -0400, Daniel Kahn Gillmor wrote:
>> On Tue 2015-10-20 03:08:11 -0400, hubert depesz lubaczewski wrote:
>>> If I run tmux locally, and my network connection dies, then I lose what
>>> I was doing on remote host.
>>> Tmux is there to protect me from losing work (let's say, in the middle
>>> of datbase upgrade) due to network issues).
>> if you want that kind of protection, run tmux (or GNU screen) on the
>> remote host itself.  that will protect you from outages on the jumphost
>> as well.
> That's not an option, since I usually work on multiple hosts behind
> single jump host at once.
You can run a tmux locally where you load several hosts running screen.

> Anyway - I need agent forwarding,
I'm not so sure about this point.

> and from what I gather - there is no
> solution, or work on solution, that would allow me to limit which keys
> gets forwarded.
Right. The only solution currently available is to play with several ssh 
or changing the loaded keys in the agent (in addition of the ask-before-use

> That's fine, really (kindof, but it's better to know
> that there is no such thing than spend hours hunting for something that
> just doesn't exist).

There's no such thing :)
We have discussed that in the past, but there's no code doing that (yet).

Best regards

More information about the openssh-unix-dev mailing list