[Bug 2093] New: don't forward authentication for the whole keyring

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Wed Apr 17 07:03:17 EST 2013


https://bugzilla.mindrot.org/show_bug.cgi?id=2093

            Bug ID: 2093
           Summary: don't forward authentication for the whole keyring
    Classification: Unclassified
           Product: Portable OpenSSH
           Version: 5.5p1
          Hardware: All
                OS: All
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: ssh-agent
          Assignee: unassigned-bugs at mindrot.org
          Reporter: bugmenot at mailinator.com

Note: I think this applies to both ssh (client) and ssh-agent. 

It would be nice to add an option to ssh so only the key used for
authentication is forwarded when "ssh -A" is used. Consider the
following case: 

I have two private ssh keys :

 - one to access my personnal machines,
 - one to access servers at my job.

I add those two keys to my ssh-agent with ssh-add.

Now, when I do "ssh -A root at jobsrv" I would like to forward agent
authentication only for my job key (the one I'm using to connect
jobsrv).

I want this because anyone having root access to jobsrv can use my
agent to authenticate himself to my personnal machines.

Thank you.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list