[RFE] Multiple ssh-agent support

Fabiano Fidêncio fidencio at redhat.com
Sat Sep 19 11:17:40 AEST 2015


On Sat, Sep 19, 2015 at 2:57 AM, Peter Stuge <peter at stuge.se> wrote:
> Fabiano Fidêncio wrote:
>> > One obvious approach is to create a proxy agent which looks like an
>> > agent to all clients, but which also integrates with SPICE.
>>
>> This is a good solution, probably the best one. The main problem is
>> how to implement it.
>> We have two clear ways for adding a proxy agent.
>
> The proxy agent is not "added" but would run "in front of" the
> original local agent. In addition to simply proxying from clients to
> the original local agent, the proxy agent would be capable of
> communicating across SPICE.
>
>> One is with the SSH_AUTH_SOCK supporting a list of sockets,
>
> SSH_AUTH_SOCK could be dynamically changed to point to the proxy agent.

How could it be done dinamically for the whole session?
I mean, setting an env var for the whole DE session would require a
session restart (at least for GNOME).

>
>
>> The other option would be extend the ssh-agent protocol to support a
>> few new operations (add/remove the proxy agent) and then we could just
>> do a ssh-add --proxy path/to/the/socket ...
>
> This seems unneccessary - just put the proxy agent in front of the
> original one.

And here we have the problem to convince DE developers to set the
spice-agent as the first one ... actually, I don't think that would be
a problem for GNOME but may be a problem for any other DEs, I will try
to talk to them..
Hmm. Maybe it can be the best way to go, but I still have to do some
tests using kde/xfce and see the if I can ensure that the spice-agent
will run firstly and then that the ssh-agent will set
SSH_AUTH_SOCK=$SSH_AUTH_SOCK:/path/to/the/system/ssh/agent.


Best Regards,
--
Fabiano Fidêncio


More information about the openssh-unix-dev mailing list