ssh agent forwarding


Ulrich Schreiner

Mar 3, 2015, 2:41:36 PM
to golan...@googlegroups.com
hi,

are there any examples how to access a forwarded agent? i wrote a small ssh-server with the crypto/ssh package and i want to use the ssh-agent forwarded from the client. is there any support for this? the "agent" package seems to support an agent which can be forwarded, but i need some sort of "agentproxy" which delegates to the ssh-agent on the client machine.

on the ssh server i see an incoming request from the client with request-type "auth-ag...@openssh.com". do i have to handle this request in a specific way? 

thanks for any help
</usc>

Han-Wen Nienhuys

Mar 4, 2015, 12:23:29 PM
to golan...@googlegroups.com
What does the server do? Does it offer a shell session? If yes, the standard way is to listen on a Unix socket, and put the address of the socket in the SSH_AUTH_SOCKET environment variable.

When something connects to the unix socket, you can forward the connection by opening a channel from server to the client, see also 

I'm not sure how "@openssh.com" is different from the memo above, though.
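The server-side relay described in the reply above, as an added example that is not part of the thread or of any project's code. It uses only the standard library, so it shows the socket handling and the byte relay, not the SSH handshake. `ListenAgentSocket`, `ServeAgent` and `open` are hypothetical names; the path it returns is what the server would export to the session (OpenSSH tools read it from `SSH_AUTH_SOCK`).

```go
package main

import (
	"io"
	"net"
	"os"
	"path/filepath"
)

// ListenAgentSocket listens on a per-session socket in a private (0700) directory.
func ListenAgentSocket() (net.Listener, string, error) {
	dir, err := os.MkdirTemp("", "agent-")
	if err != nil {
		return nil, "", err
	}
	sock := filepath.Join(dir, "agent.sock")
	l, err := net.Listen("unix", sock)
	if err != nil {
		os.RemoveAll(dir)
		return nil, "", err
	}
	return l, sock, nil
}

// ServeAgent relays each local connection over a stream from open. Assumption: in a
// crypto/ssh server, open wraps conn.OpenChannel("auth-agent@openssh.com", nil).
func ServeAgent(l net.Listener, open func() (io.ReadWriteCloser, error)) {
	for {
		c, err := l.Accept()
		if err != nil {
			return // listener closed: the session has ended
		}
		ch, err := open()
		if err != nil {
			c.Close()
			continue
		}
		go func() { io.Copy(ch, c); ch.Close() }() // local process -> client agent
		go func() { io.Copy(c, ch); c.Close() }() // client agent -> local process
	}
}

func main() { // demo: create the socket, print its path, clean up
	if l, sock, err := ListenAgentSocket(); err == nil {
		println("SSH_AUTH_SOCK=" + sock)
		l.Close()
		os.RemoveAll(filepath.Dir(sock))
	}
}
```

Close the listener and remove the directory when the session ends, so the client's keys are reachable only for the lifetime of that session and only by the account that owns the directory.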


Brandon Philips

Mar 23, 2015, 11:55:26 AM
to Ulrich Schreiner, golan...@googlegroups.com
Hello Ulrich-

I don't know if this is the exact use case you are looking for but
`fleetctl ssh` uses an ssh agent and then ssh into another machine
interactively. Essentially it acts like `ssh hostname` but operates on
fleet metadata instead so `fleetctl ssh <fleet-machine-id>`

https://github.com/coreos/fleet/blob/master/ssh/proxy.go

Cheers,

Brandon

Ulrich Schreiner

Mar 23, 2015, 3:17:14 PM
to Brandon Philips, Ulrich Schreiner, golan...@googlegroups.com
Thanx.

I solved it a few weeks ago. It is an ssh-server which accepts clients by
their keys and then connects to other ssh-servers by forwarding the
original client agent.

It wasn't as complex as I thought :-)