| Summary: | -A command not available from ~C | | |
|---|---|---|---|
| Product: | Portable OpenSSH | Reporter: | Alain Knaff <mindrot2> |
| Component: | ssh | Assignee: | Assigned to nobody <unassigned-bugs> |
| Status: | NEW | | |
| Severity: | enhancement | CC: | dtucker |
| Priority: | P2 | | |
| Version: | 5.8p1 | | |
| Hardware: | All | | |
| OS: | All | | |
Description
Alain Knaff
2011-09-12 04:57:19 AEST
Created attachment 2082: Allow agent forwarding to be toggled off
I actually implemented this a long time ago as a toggle rather than the command line processor. The downside is that you'll get an error message from the remote end if you use it and then attempt to use agent forwarding:
Error reading response length from authentication socket.
Note that you can't toggle it on if it was not enabled at connection establishment since the server needs to set the SSH_AUTH_SOCK environment variable and have it propagate to the shell, which it can't do after the shell has started.
Actually, we could probably fix the error message by implementing just enough of the agent protocol to say "nope, no identities here, move along!".

The other thing you can do is load the key with ssh-add -c to require confirmation at the time of use.

This would be rather inconvenient if the command needing access to the key was something like:

```
for arch in i386 x86_64 arm powerpc; do
  scp huge_source_tree.tar.gz $arch.linux.org:
done
```

You'd get a confirmation request for each machine. With a toggle switch, you'd give access before the loop, and remove access after.
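The "just enough of the agent protocol" idea mentioned in the thread, sketched as an added example (not code from attachment 2082 or from OpenSSH): a responder that answers an identity-list request with an empty list and refuses every other request, so the remote client reads a well-formed reply instead of failing on the response length. The function name `agent_stub_reply` and the length cap are assumptions; the message numbers are the ones defined in OpenSSH's authfd.h.

```c
#include <stddef.h>
#include <stdint.h>

/* Agent protocol message numbers, as defined in OpenSSH's authfd.h. */
#define SSH_AGENT_FAILURE              5
#define SSH2_AGENTC_REQUEST_IDENTITIES 11
#define SSH2_AGENT_IDENTITIES_ANSWER   12
#define AGENT_MAX_LEN (256 * 1024)   /* assumed sanity cap on one request */

static uint32_t get_u32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
        ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

static void put_u32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}

/*
 * Hypothetical helper: answer one framed request (uint32 length, type byte,
 * payload) while forwarding is off. out must hold 9 bytes. Returns the reply
 * length, 0 if the request is incomplete, -1 if malformed.
 */
int agent_stub_reply(const uint8_t *in, size_t inlen, uint8_t *out, size_t *used)
{
    uint32_t len;

    *used = 0;
    if (inlen < 4)
        return 0;                    /* length prefix not complete yet */
    len = get_u32(in);
    if (len == 0 || len > AGENT_MAX_LEN)
        return -1;                   /* no type byte, or absurd length */
    if (inlen - 4 < len)
        return 0;                    /* wait for the rest of the body */
    *used = 4 + (size_t)len;         /* bytes the caller can drop */
    if (in[4] == SSH2_AGENTC_REQUEST_IDENTITIES) {
        put_u32(out, 5);             /* body: type byte + uint32 count */
        out[4] = SSH2_AGENT_IDENTITIES_ANSWER;
        put_u32(out + 5, 0);         /* zero identities on offer */
        return 9;
    }
    put_u32(out, 1);                 /* sign, add, remove, lock, ...: refuse */
    out[4] = SSH_AGENT_FAILURE;
    return 5;
}
```

As noted in the thread, this only covers toggling off a forwarding that was enabled at connection establishment; it cannot enable one afterwards.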