Detecting forwarded agent connections

Alex Wilson alex at cooperi.net
Mon May 25 16:51:03 AEST 2020


On 23/5/20 2:21 am, Peter Stuge wrote:
> Alex Wilson wrote:
>> I'm working on a custom ssh-agent implementation and looking at ways
>> to detect forwarded agent connections,
> 
> What about SSH_AGENT_FORWARDING_NOTICE ?
> 
> It's a "should" in draft-ietf-secsh-agent-02, but if you control your
> endpoint then you could rely on this, no?
> 

Thanks for the suggestion. I would like it to work with unmodified 
openssh client binaries already on the system (users just run this agent 
instead of ssh-agent), so I don't think that would work.

If you're curious, the software in question is pivy-agent from
https://github.com/arekinath/pivy

