[Bug 2480] New: Support a list of sockets on SSH_AUTH_SOCK

Tue Oct 13 22:19:21 AEDT 2015

https://bugzilla.mindrot.org/show_bug.cgi?id=2480

            Bug ID: 2480
           Summary: Support a list of sockets on SSH_AUTH_SOCK
           Product: Portable OpenSSH
           Version: 7.1p1
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: ssh-agent
          Assignee: unassigned-bugs at mindrot.org
          Reporter: fabiano at fidencio.org

Created attachment 2727
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2727&action=edit
Support a list of sockets on SSH_AUTH_SOCK

The idea behind this change is to add support for different
"ssh-agents"
being able to run at the same time. It does not change the current
behavior of the ssh-agent (which will set SSH_AUTH_SOCK just for
itself). Neither does it change the behavior of SSH_AGENT_PID (which
still supports only one pid).
The new implementation will go through the list of sockets (which are
separated by a colon (:)), and will return the very first functional
one. An example of the new supported syntax is:
SSH_AUTH_SOCK=/run/user/1000/spice/ssh:/tmp/ssh-hHomdONwQus6/agent.6907

The idea has been discussed a little in these e-mail threads:
http://lists.mindrot.org/pipermail/openssh-unix-dev/2015-September/034381.html
and
http://lists.mindrot.org/pipermail/openssh-unix-dev/2015-September/034406.html
(the same patch is attached to the bug)

In the second mail thread, there is a suggestion about adding a new
environment variable (SSH_AUTH_SOCK_FALLBACKS) that also looks like a
valid approach. Please, let me know your preferences and I can come up
with whatever is better for openssh community.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.