search for: ssh_agentc_extension

...To "pin" an agent request > to a remote identity we'd either need to make the connections persistent > and add an extension to inform the agent of the remote identity OR > do this on every request. The latter is probably easier. > > I.e. have ssh inject a > > SSH_AGENTC_EXTENSION "remote-id at openssh.com" string("user at host") > > before each agent request (ssh would need to eat the reply too) and the > agent uses that to filter the keys it is prepared to send. Specifying > which hosts a given key is allowed for could be done with a key &g...

Hi, I'm prototyping an SSH agent that can broker access to a large set of remotely held SSH keys (potentially hundreds or thousands)*. Since SSH servers have a limit on maximum authentication attempts, the client needs to be able to request whichever particular key it needs for a given target user at server from the agent. Currently, the SSH agent protocol[1] only supports

On 2018-03-22 01:25, Peter Stuge wrote: >> Or an intermediate forwarding ssh could insert a tag (2): >> >> - SSH_AGENTC_EXTENSION "forwarded-for at openssh.com" string("user2 at host2") >> - SSH_AGENTC_REQUEST_IDENTITIES >> >> (which would of course nest with multiple chained forwards, similar to >> SMTP Received headers) > > Since forwarding ssh processes just forward agent...