Informing the SSH agent of the target user at server

Peter Stuge peter at stuge.se
Thu Mar 22 03:25:16 AEDT 2018


Hector Martin 'marcan' wrote:
> So right now we just have
> 
> - SSH_AGENTC_REQUEST_IDENTITIES
> 
> But the final ssh could do (1):
> 
> - SSH_AGENTC_EXTENSION "remote-id at openssh.com" string("user at host")
> - SSH_AGENTC_REQUEST_IDENTITIES

I think this sounds fine.


> Or an intermediate forwarding ssh could insert a tag (2):
> 
> - SSH_AGENTC_EXTENSION "forwarded-for at openssh.com" string("user2 at host2")
> - SSH_AGENTC_REQUEST_IDENTITIES
> 
> (which would of course nest with multiple chained forwards, similar to
> SMTP Received headers)

Since forwarding ssh processes just forward agent socket bytes
without tracking the protocol state in that stream adding a packet
isn't trivial.


//Peter


More information about the openssh-unix-dev mailing list