search for: ssh_agent_forwarding_notice

I know this is pretty left-field, but I'm working on a custom ssh-agent implementation and looking at ways to detect forwarded agent connections, with the hope to have a "confirm" mode which can apply just to those (or those, plus non-whitelisted local processes). I realise this has been discussed a bit before, but I have thought up a method which seems to be working in my tests

...st you connected to (eg. for "work" vs "personal" keys) instead of using several agents. Investigating the agent protocol for writing this, I discovered that I wasn't the first with this idea, and draft-ietf-secsh-agent-02 [1] already contemplated something similar with its SSH_AGENT_FORWARDING_NOTICE message and SSH_AGENT_CONSTRAINT_FORWARDING_STEPS & SSH_AGENT_CONSTRAINT_FORWARDING_PATH constraints. They can be a source for implementing the above. I don't know if the ssh agent of ssh.com uses a variation of that (incomplete) specification. Regards 1- http://tools.ietf.org/html/draft-...