Informing the SSH agent of the target user at server
Hector Martin 'marcan'
marcan at marcan.st
Thu Mar 22 03:30:31 AEDT 2018
On 2018-03-22 01:25, Peter Stuge wrote:
>> Or an intermediate forwarding ssh could insert a tag (2):
>>
>> - SSH_AGENTC_EXTENSION "forwarded-for@openssh.com" string("user2@host2")
>> - SSH_AGENTC_REQUEST_IDENTITIES
>>
>> (which would of course nest with multiple chained forwards, similar to
>> SMTP Received headers)
>
> Since forwarding ssh processes just forward agent socket bytes
> without tracking the protocol state in that stream adding a packet
> isn't trivial.
It's reasonably trivial if the definition is that the forwarded-for
extension chain happens once when agent connections are opened. Then the
ssh process just needs to send the extension, wait for the reply
(whether positive or not-supported), eat it, and move on with forwarding
the remaining bytestream.
--
Hector Martin "marcan" (marcan at marcan.st)
Public Key: https://mrcn.st/pub
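
The open-time handshake described in the message above, sketched as an added example (not part of the original post and not OpenSSH code). The extension name is the one proposed in this thread rather than a shipped extension, `fake_agent` and `demo` are constructed stand-ins, and the message numbers are those of the SSH agent protocol draft.

```python
import socket, struct, threading
# Message numbers from the SSH agent protocol draft.
FAILURE, SUCCESS, REQUEST_IDENTITIES, IDENTITIES_ANSWER, EXTENSION = 5, 6, 11, 12, 27
EXT_NAME = b"forwarded-for@openssh.com"   # proposed in the thread, not a shipped extension

def ssh_string(b):
    return struct.pack(">I", len(b)) + b
def frame(msg_type, payload=b""):
    return struct.pack(">I", 1 + len(payload)) + bytes([msg_type]) + payload

def read_exact(sock, n):
    buf = sock.recv(n, socket.MSG_WAITALL)
    if len(buf) != n:
        raise ConnectionError("peer closed mid-frame")
    return buf

def read_frame(sock, max_len=256 * 1024):
    (n,) = struct.unpack(">I", read_exact(sock, 4))
    if not 1 <= n <= max_len:          # bound the length before reading the body
        raise ValueError("bad agent frame length")
    body = read_exact(sock, n)         # exactly one frame, nothing from the later stream
    return body[0], body[1:]

def announce_hop(agent, hop):
    """Run once when the agent connection opens: send the tag, eat the one reply."""
    agent.sendall(frame(EXTENSION, ssh_string(EXT_NAME) + ssh_string(hop)))
    reply_type, _ = read_frame(agent)
    return reply_type == SUCCESS       # anything else is treated as "not supported"

def fake_agent(sock, supports_ext, seen):  # constructed stand-in for ssh-agent
    for _ in range(2):
        msg_type, payload = read_frame(sock)
        reply = frame(FAILURE)         # default, also for an unknown extension
        if msg_type == EXTENSION and supports_ext:
            seen.append(payload)       # record the tag this hop announced
            reply = frame(SUCCESS)
        elif msg_type == REQUEST_IDENTITIES:
            reply = frame(IDENTITIES_ANSWER, struct.pack(">I", 0))  # zero keys
        sock.sendall(reply)

def demo(supports_ext):
    fwd_side, agent_side = socket.socketpair()
    seen = []
    t = threading.Thread(target=fake_agent, args=(agent_side, supports_ext, seen))
    t.start()
    with fwd_side, agent_side:
        accepted = announce_hop(fwd_side, b"user2@host2")
        fwd_side.sendall(frame(REQUEST_IDENTITIES))  # stands in for the client's first request
        t.join()
        return accepted, read_frame(fwd_side)[0], seen
```

In both cases the first forwarded request still gets its own reply, because `announce_hop` consumes exactly one frame before plain byte forwarding would begin.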