831 – Allow agent forwarding in sftp & scp

Bug 831 - Allow agent forwarding in sftp & scp

Summary: Allow agent forwarding in sftp & scp

Status:	CLOSED FIXED

Alias:	None

Product:	Portable OpenSSH
Classification:	Unclassified
Component:	sftp (show other bugs)
Version:	-current
Hardware:	All All

Importance:	P5 enhancement
Assignee:	Damien Miller

URL:
Keywords:

Duplicates (2):	557 3065 (view as bug list)
Depends on:
Blocks:	V_8_4
	Show dependency tree / graph

Reported:	2004-04-05 16:58 AEST by Damien Miller
Modified:	2020-10-02 14:55 AEST (History)
CC List:	5 users (show)

See Also:

Attachments
Add -A option to scp and sftp (3.62 KB, patch) 2004-04-05 16:59 AEST, Damien Miller	no flags	Details \| Diff
Add -A option to scp and sftp (updated, git format-patch) (3.68 KB, patch) 2015-08-17 01:56 AEST, kl_other+mindrot	no flags	Details \| Diff
Add -A option to scp (1.92 KB, patch) 2019-09-13 22:14 AEST, Christian Weisgerber	no flags	Details \| Diff
Allow -A in sftp and scp (3.97 KB, patch) 2020-07-31 14:20 AEST, Damien Miller	dtucker: ok+	Details \| Diff
Show Obsolete (3) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Damien Miller 2004-04-05 16:58:15 AEST

sftp & scp unconditionally disable agent forwarding for their underlying ssh
connections. 

Unfortunately this makes it difficult to implement a SSH proxy that permits file
transfers using pubkey auth with the OpenSSH clients.

Comment 1 Damien Miller 2004-04-05 16:59:14 AEST

Created attachment 594 [details]
Add -A option to scp and sftp

This adds a -A option to explicitly enable agent forwarding for the file
transfer clients.

Comment 2 Damien Miller 2004-04-14 13:24:11 AEST

*** Bug 557 has been marked as a duplicate of this bug. ***

Comment 3 kl_other+mindrot 2015-08-16 20:24:21 AEST

Patch needs to be updated, as it will conflict on both sftp.c (options changed since patch) and scp.c (the declaration of "n" added since patch). Patch changes behaviour in two ways:

* Sets ForwardAgent=no by default, ForwardAgent=yes if -A is set.
* Sets ForwardAgent=no after processing other args, which allows -oForwardAgent=yes to take effect, as ssh ignores duplicate command-line options.

Once updated, I'd very much like this patch to go through.

Comment 4 kl_other+mindrot 2015-08-17 01:56:46 AEST

Created attachment 2683 [details]
Add -A option to scp and sftp (updated, git format-patch)

This is an updated version of Damien Miller's patch. It should feature-wise be identical, just without merge nightmares.

Comment 5 Damien Miller 2019-09-13 14:38:10 AEST

*** Bug 3065 has been marked as a duplicate of this bug. ***

Comment 6 Christian Weisgerber 2019-09-13 22:14:15 AEST

Created attachment 3328 [details]
Add -A option to scp

FWIW, here's the full patch for scp from bug 3065.

Comment 7 Damien Miller 2020-07-31 14:20:21 AEST

Created attachment 3437 [details]
Allow -A in sftp and scp

This option adds support for -A in both scp and sftp. It relies on ssh(1) following first-match-wins when processing its command line arguments (which it does)

Comment 8 Damien Miller 2020-08-03 12:44:51 AEST

patch applied and will be in openssh-8.4

Comment 9 Darren Tucker 2020-10-02 14:55:01 AEST

Mass close of all bugs fixed in 8.4 release.