Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

x/crypto/ssh: does not support ssh-agent forwarding #6223

Closed
gopherbot opened this issue Aug 22, 2013 · 8 comments
Closed

x/crypto/ssh: does not support ssh-agent forwarding #6223

gopherbot opened this issue Aug 22, 2013 · 8 comments
Labels
FrozenDueToAge
Milestone
Unreleased

Comments

@gopherbot
Copy link
Contributor

by jamwt@dropbox.com:

crypto/ssh does not have support for ssh-agent forwarding.

This is useful for building out things like deployment systems where you're tunneling
through some bastion server into production.  The packer project could benefit from this
(in fact, that's why we @ dropbox tackled this issue).
@robpike
Copy link
Contributor

robpike commented Aug 24, 2013

Comment 1:

Labels changed: added priority-later, removed priority-triage.

Status changed to Accepted.

@rsc
Copy link
Contributor

rsc commented Nov 27, 2013

Comment 2:

Labels changed: added go1.3maybe.

@rsc
Copy link
Contributor

rsc commented Dec 4, 2013

Comment 5:

Labels changed: added release-none, removed go1.3maybe.

@rsc
Copy link
Contributor

rsc commented Dec 4, 2013

Comment 6:

Labels changed: added repo-crypto.

@hanwen
Copy link
Contributor

hanwen commented Apr 12, 2014

Comment 7:

this should be fixed in go.crypto/ssh . Can you update and try again?
update notes are at
https://docs.google.com/document/d/1nF2wlkIwuA4AXryOvE2p0hgQUbsyRYklKSot4ahH3Aw/edit#heading=h.ptdmtgjuyu8

@gopherbot
Copy link
Contributor Author

Comment 8 by gposton1040:

has anyone made any attempts to update packer w/ this functionality?  I'm finding it
difficult to figure out how to use the new agent-forwarding functionality.  An example
would be helpful.

@gopherbot
Copy link
Contributor Author

Comment 9 by gposton1040:

I'm working on the same issue.  I'm trying to update packer to support agent-forwarding,
but finding it difficult to figure out how to set up agent-forwarding using crypto/ssh.

@mikioh mikioh changed the title go.crypto/ssh: does not support ssh-agent forwarding ssh: does not support ssh-agent forwarding Jan 7, 2015
@rsc rsc added this to the Unplanned milestone Apr 10, 2015
@rsc rsc changed the title ssh: does not support ssh-agent forwarding x/crypto/ssh: does not support ssh-agent forwarding Apr 14, 2015
@rsc rsc modified the milestones: Unreleased, Unplanned Apr 14, 2015
@rsc rsc removed the repo-crypto label Apr 14, 2015
@hanwen
Copy link
Contributor

hanwen commented Aug 18, 2015

agent forwarding is described here:

https://www.vandyke.com/technology/draft-ietf-secsh-agent.txt

basically, you do channel.SendRequest("auth-agent-req", true) before starting the session, and then route incoming NewChannel requests of type "auth-agent" to a connection to the SSH_AUTH_SOCK unix domain socket.

Most of the legwork has been done here for you:

https://godoc.org/golang.org/x/crypto/ssh/agent#RequestAgentForwarding
https://godoc.org/golang.org/x/crypto/ssh/agent#ForwardToAgent
https://godoc.org/golang.org/x/crypto/ssh/agent#ForwardToRemote

@hanwen hanwen closed this as completed Aug 18, 2015
@golang golang locked and limited conversation to collaborators Aug 22, 2016
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
FrozenDueToAge
Projects
None yet
Milestone
Unreleased
Development

No branches or pull requests
4 participants
@hanwen @rsc @robpike @gopherbot