bugzilla-daemon at mindrot.org
2013-Apr-16 21:03 UTC
[Bug 2093] New: don't forward authentication for the whole keyring
https://bugzilla.mindrot.org/show_bug.cgi?id=2093
Bug ID: 2093
Summary: don't forward authentication for the whole keyring
Classification: Unclassified
Product: Portable OpenSSH
Version: 5.5p1
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh-agent
Assignee: unassigned-bugs at mindrot.org
Reporter: bugmenot at mailinator.com
Note: I think this applies to both ssh (client) and ssh-agent.
It would be nice to add an option to ssh so only the key used for
authentication is forwarded when "ssh -A" is used. Consider the
following case:
I have two private ssh keys:
- one to access my personal machines,
- one to access servers at my job.
I add those two keys to my ssh-agent with ssh-add.
Now, when I do "ssh -A root@jobsrv" I would like to forward agent
authentication only for my job key (the one I'm using to connect to
jobsrv).
I want this because anyone having root access to jobsrv can use my
agent to authenticate himself to my personal machines.
Thank you.
--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2014-May-19 03:09 UTC
[Bug 2093] don't forward authentication for the whole keyring
https://bugzilla.mindrot.org/show_bug.cgi?id=2093
Christian Kujau <mindrot at nerdbynature.de> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |mindrot at nerdbynature.de
bugzilla-daemon at mindrot.org
2024-Sep-16 23:01 UTC
[Bug 2093] don't forward authentication for the whole keyring
https://bugzilla.mindrot.org/show_bug.cgi?id=2093
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |djm at mindrot.org
Status|NEW |RESOLVED
Resolution|--- |FIXED
--- Comment #1 from Damien Miller <djm at mindrot.org> ---
This was implemented in openssh-8.9. Details at
https://www.openssh.com/agent-restrict.html