xpra icon
Bug tracker and wiki

Opened 21 months ago

Last modified 32 hours ago

#2303 assigned enhancement

Support SSH agent forwarding

Reported by: erikjensen Owned by: Antoine Martin
Priority: minor Milestone: future
Component: server Version: 2.5.x
Keywords: Cc:


I use a hardware token for SSH access. It would be great if Xpra could forward requests to the SSH agent on the client.

This would probably involve creating a socket and setting SSH_AUTH_SOCK in the Xpra session (only if the feature is turned on), and then forwarding connections to the socket to the client, which would in turn forward them to whatever SSH_AUTH_SOCK was set to, locally.

Attachments (1)

ssh-agent.patch (5.6 KB) - added by Antoine Martin 20 months ago.
try to start the AgentRequestHandler?

Download all attachments as: .zip

Change History (5)

comment:1 Changed 21 months ago by Antoine Martin

Status: newassigned

Can be added using paramiko agent.

@erikjensen: in the meantime, you can use --ssh=ssh to switch back to the openssh backend which supports agent forwarding by default.

comment:2 Changed 20 months ago by Antoine Martin

paramiko rocks, adding agent forwarding support is as simple as adding adding AgentRequestHandler(session).

This be an option, off by default, but we should honour ssh-config.
Do we want to overload the ssh=paramiko command line option for that? Maybe add a -A / -a switch to it, just like openssh?

Changed 20 months ago by Antoine Martin

Attachment: ssh-agent.patch added

try to start the AgentRequestHandler?

comment:3 Changed 20 months ago by Antoine Martin

Milestone: 3.0future

According to the documentation, the code in the patch above should do the job but I can't see anything in the environment that would tell applications about the forwarded agent. (no SSH_AUTH_SOCK)

So I'm out of ideas.

comment:4 Changed 32 hours ago by migration script

this ticket has been moved to: https://github.com/Xpra-org/xpra/issues/2303

Note: See TracTickets for help on using tickets.