Detecting forwarded agent connections
Alex Wilson
alex at cooperi.net
Mon May 25 16:51:03 AEST 2020
On 23/5/20 2:21 am, Peter Stuge wrote:
> Alex Wilson wrote:
>> I'm working on a custom ssh-agent implementation and looking at ways
>> to detect forwarded agent connections,
>
> What about SSH_AGENT_FORWARDING_NOTICE ?
>
> It's a "should" in draft-ietf-secsh-agent-02, but if you control your
> endpoint then you could rely on this, no?
>
Thanks for the suggestion. I would like it to work with unmodified
openssh client binaries already on the system (users just run this agent
instead of ssh-agent), so I don't think that would work.
If you're curious, the software in question is pivy-agent from
https://github.com/arekinath/pivy
More information about the openssh-unix-dev
mailing list