Displaying 3 results from an estimated 3 matches for "ssh_agentc_request_identities".
2018 Mar 21
2
Informing the SSH agent of the target user@server
...te ssh client asking the
agent for which specific key it needs, and intermediate (forwarding)
clients tagging the requests with what host they are being made on
behalf of. I was mostly asking about the former; the latter would be
useful too, but they're tangential.
So right now we just have
- SSH_AGENTC_REQUEST_IDENTITIES
But the final ssh could do (1):
- SSH_AGENTC_EXTENSION "remote-id@openssh.com" string("user@host")
- SSH_AGENTC_REQUEST_IDENTITIES
Or an intermediate forwarding ssh could insert a tag (2):
- SSH_AGENTC_EXTENSION "forwarded-for@openssh.com" string("use...
2018 Mar 20
4
Informing the SSH agent of the target user@server
...is for ssh to just ask the agent
"give me a list of keys for this user at host" and the agent would offer
only those, probably just one.
Thoughts? The SSH agent protocol has an extension mechanism, but I'm not
aware of it being used for anything at the moment.
Ideas:
- Extend the SSH_AGENTC_REQUEST_IDENTITIES request by adding a payload
with connection information (ideally a tag-value system so different
metadata can be provided in the future). I've experimentally determined
that the current standard ssh-agent does not care about a non-empty
payload, so this would be backwards compatible with th...
2018 Mar 21
2
Informing the SSH agent of the target user@server
On 2018-03-22 01:25, Peter Stuge wrote:
>> Or an intermediate forwarding ssh could insert a tag (2):
>>
>> - SSH_AGENTC_EXTENSION "forwarded-for@openssh.com" string("user2@host2")
>> - SSH_AGENTC_REQUEST_IDENTITIES
>>
>> (which would of course nest with multiple chained forwards, similar to
>> SMTP Received headers)
>
> Since forwarding ssh processes just forward agent socket bytes
> without tracking the protocol state in that stream adding a packet
> isn't trivial.
It'...