Proposal for hardening agent forwarding
Mitchell Blank Jr
mitch-sshlist at bodyfour.uk
Fri Mar 12 18:00:45 AEDT 2021
Hello.
This week I've been experimenting with some hardening of the agent-forwarding
process. I know there have been other proposals in the past, but I thought
I'd share what I have in case they are of any upstream interest.
For easier review (and to spare your inboxes) I just opened it as a PR
on the openssh-portable github mirror here: https://github.com/openssh/openssh-portable/pull/233
In short it's similar functionality to Timo Weingärtner's ssh-agent-filter
tool that many are probably already familiar with, but integrated directly
into the openssh client.
I just did this for my own use-case, but if some of it is interesting as
an upstream addition feel free to re-use whatever parts you want.
-Mitch
More information about the openssh-unix-dev
mailing list