xpra icon
Bug tracker and wiki

Opened 6 months ago

Last modified 6 months ago

#2303 assigned enhancement

Support SSH agent forwarding

Reported by: erikjensen Owned by: Antoine Martin
Priority: minor Milestone: future
Component: server Version: 2.5.x
Keywords: Cc:

Description

I use a hardware token for SSH access. It would be great if Xpra could forward requests to the SSH agent on the client.

This would probably involve creating a socket and setting SSH_AUTH_SOCK in the Xpra session (only if the feature is turned on), and then forwarding connections to the socket to the client, which would in turn forward them to whatever SSH_AUTH_SOCK was set to, locally.

Attachments (1)

ssh-agent.patch (5.6 KB) - added by Antoine Martin 6 months ago.
try to start the AgentRequestHandler?

Download all attachments as: .zip

Change History (4)

comment:1 Changed 6 months ago by Antoine Martin

Status: newassigned

Can be added using paramiko agent.

@erikjensen: in the meantime, you can use --ssh=ssh to switch back to the openssh backend which supports agent forwarding by default.

comment:2 Changed 6 months ago by Antoine Martin

paramiko rocks, adding agent forwarding support is as simple as adding adding AgentRequestHandler(session).

This be an option, off by default, but we should honour ssh-config.
Do we want to overload the ssh=paramiko command line option for that? Maybe add a -A / -a switch to it, just like openssh?

Changed 6 months ago by Antoine Martin

Attachment: ssh-agent.patch added

try to start the AgentRequestHandler?

comment:3 Changed 6 months ago by Antoine Martin

Milestone: 3.0future

According to the documentation, the code in the patch above should do the job but I can't see anything in the environment that would tell applications about the forwarded agent. (no SSH_AUTH_SOCK)

So I'm out of ideas.

Note: See TracTickets for help on using tickets.