Problems using RemoteForward for gpg-agent with multiple sessions
Damien Miller
djm at mindrot.org
Tue Jun 14 11:25:05 AEST 2022
On Fri, 10 Jun 2022, Brandon Cheng wrote:
> On Fri, 10 Jun 2022, Damien Miller wrote:
> > Another possibility would be to have some %-expansion that expands to
> > a random value that is long enough to be safely used as a temporary
> > path.
> >
> > E.g. %R expanding to 24 base64 characters. You could use this to
> > obtain effectively unique paths.
>
> This would be a great solution.
>
> To complete this option, how might the server determine the unique path?
> I'm leaning towards SetEnv and updating it to understand
> %-expansions. (If it doesn't already.)
>
> Host example
> RemoteForward /tmp/%R.sock /home/local/.gnupg/S.gpg-agent.extra
> SetEnv SSH_R_EXPANSION=%R
I think that could be made to work - we'd need ssh's main() to generate
a single random token per connection, though it might be possible for
a user to shoot themselves in the foot if they reused the token for
multiple things and exposed it to an on-host attacker. We generally
avoid leaving footguns around.
> At the moment all %-expansions happen client-side, which is a nice and
> simple design. The server could perform the %R expansion server-side if
> that's the right approach, but it'd introduce a lot of new logic to the
> server.
>
> One other alternative to SetEnv would be to send the client-computed %R
> as a SSH_CHANNEL_LARVAL state command, which is also involved.
Another option: remote port-forwarding has a notion of server-allocated
ports, that are communicated back to the client. We could do something
similar for Unix domain sockets too, but with a server-generated /tmp
path instead of a port.
The downside is that this is only really useful when used in conjunction
with ControlPath, and they take a fair bit more connection setup.
Another option still: use the server-assigned port/temp-path feature, but
have the client automatically create SetEnv directives for it. Since
forwardings are processed before shell/command session execution, this
could be fairly automatic for users. The catch here is figuring out how
to communicate multiple (potentially many) forwardings via SetEnv.
-d
More information about the openssh-unix-dev
mailing list