Xpra: Ticket #2303: Support SSH agent forwarding

I use a hardware token for SSH access. It would be great if Xpra could forward requests to the SSH agent on the client.

This would probably involve creating a socket and setting SSH_AUTH_SOCK in the Xpra session (only if the feature is turned on), and then forwarding connections to the socket to the client, which would in turn forward them to whatever SSH_AUTH_SOCK was set to, locally.

Sat, 18 May 2019 02:41:34 GMT - Antoine Martin: status changed

status changed from new to assigned

Can be added using paramiko agent.

@erikjensen: in the meantime, you can use --ssh=ssh to switch back to the openssh backend which supports agent forwarding by default.

Thu, 30 May 2019 16:38:22 GMT - Antoine Martin:

paramiko rocks, adding agent forwarding support is as simple as adding adding AgentRequestHandler(session).

This be an option, off by default, but we should honour ssh-config. Do we want to overload the ssh=paramiko command line option for that? Maybe add a -A / -a switch to it, just like openssh?

Fri, 31 May 2019 09:04:16 GMT - Antoine Martin: attachment set

attachment set to ssh-agent.patch

try to start the AgentRequestHandler?

Fri, 31 May 2019 09:05:40 GMT - Antoine Martin: milestone changed

milestone changed from 3.0 to future

According to the documentation, the code in the patch above should do the job but I can't see anything in the environment that would tell applications about the forwarded agent. (no SSH_AUTH_SOCK)

So I'm out of ideas.

Sat, 23 Jan 2021 05:47:40 GMT - migration script:

this ticket has been moved to: https://github.com/Xpra-org/xpra/issues/2303