Informing the SSH agent of the target user at server
peter at stuge.se
Thu Mar 22 03:52:57 AEDT 2018
Hector Martin 'marcan' wrote:
> > Since forwarding ssh processes just forward agent socket bytes
> > without tracking the protocol state in that stream, adding a packet
> > isn't trivial.
> It's reasonably trivial if the definition is that the forwarded-for
> extension chain happens once when agent connections are opened. Then the
> ssh process just needs to send the extension, wait for the reply
> (whether positive or not-supported), eat it, and move on with forwarding
> the remaining bytestream.
I wouldn't like to introduce a hard requirement for agent socket
connections to only perform private key operations for a single nexthop.
The OpenSSH ssh client is but one agent socket consumer...
But I'm all for the idea for case 1.
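
The once-per-connection exchange described in the quoted reply, as an added sketch that is not part of the original message and not OpenSSH code. The extension name, its payload layout (user, host) and the stand-in agent are assumptions; the message numbers are those of the SSH agent protocol.

```python
import contextlib, socket, struct, threading

# Message numbers from the SSH agent protocol (draft-miller-ssh-agent).
SSH_AGENT_FAILURE, SSH_AGENT_SUCCESS = 5, 6
SSH_AGENTC_REQUEST_IDENTITIES, SSH_AGENT_IDENTITIES_ANSWER = 11, 12
SSH_AGENTC_EXTENSION, SSH_AGENT_EXTENSION_FAILURE = 27, 28
EXT_NAME = b"forwarded-for@example.invalid"  # hypothetical extension name

def ssh_string(b):
    # uint32 length prefix; also the framing of a whole agent message.
    return struct.pack(">I", len(b)) + b

def read_exact(sock, n):
    buf = sock.recv(n, socket.MSG_WAITALL)
    if len(buf) != n:
        raise ConnectionError("agent closed the socket")
    return buf

def read_frame(sock, max_len=256 * 1024):
    (n,) = struct.unpack(">I", read_exact(sock, 4))
    if not 0 < n <= max_len:
        raise ValueError("bad agent frame length")
    return read_exact(sock, n)

def announce_hop(agent, user, host):
    """Send the extension once and eat exactly one reply frame, so the
    forwarded byte stream stays aligned. True only if the agent accepted."""
    body = bytes([SSH_AGENTC_EXTENSION]) + ssh_string(EXT_NAME)
    body += ssh_string(user) + ssh_string(host)  # assumed payload layout
    agent.sendall(ssh_string(body))
    kind = read_frame(agent)[0]
    if kind not in (SSH_AGENT_SUCCESS, SSH_AGENT_FAILURE, SSH_AGENT_EXTENSION_FAILURE):
        raise ValueError("unexpected reply to extension request")
    return kind == SSH_AGENT_SUCCESS

def legacy_agent(sock):
    """Constructed stand-in for an agent that does not know the extension."""
    no_keys = bytes([SSH_AGENT_IDENTITIES_ANSWER]) + struct.pack(">I", 0)
    with contextlib.suppress(ConnectionError):
        while True:
            known = read_frame(sock)[0] == SSH_AGENTC_REQUEST_IDENTITIES
            sock.sendall(ssh_string(no_keys if known else bytes([SSH_AGENT_FAILURE])))

def demo():
    hop, agent = socket.socketpair()
    threading.Thread(target=legacy_agent, args=(agent,), daemon=True).start()
    accepted = announce_hop(hop, b"root", b"server.example")  # constructed values
    hop.sendall(ssh_string(bytes([SSH_AGENTC_REQUEST_IDENTITIES])))  # forwarded bytes
    return accepted, read_frame(hop)
```

An agent that predates the extension answers with a plain failure, which the forwarder discards before relaying the client's first real request unchanged.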