Hi Damien,
The restricted agent keys functionality sounds really interesting. Are there any
plans to support embedding the restrictions in the keys themselves at some
point? That would make this much easier to use, but it would require extending
the key format and adding the appropriate parsing in ssh-agent or ssh-add.
Anyway, thanks for the great work.
--
Iain
On 1/6/22, 14:53, "openssh-unix-dev on behalf of Damien Miller"
<openssh-unix-dev-bounces+iain.morgan=nasa.gov at mindrot.org on behalf of
djm at mindrot.org> wrote:
Hi,
We've landed some fairly significant changes in OpenSSH recently and
would appreciate your help in testing them. The biggest of the changes
are:
1. Conversion of the ssh and sshd mainloop from select() to poll()
This should be entirely invisible to users, so any behaviour change
is a bug. If you see something and want to help debug it further,
uncomment the DEBUG_CHANNEL_POLL #define in channels.c for heaps of
extra debug logging.
2. Restricted agent keys.
This is a large set of changes to add destination- and path-restricted
keys to ssh-agent. A full writeup is on the website at
[snip]