I use a hardware token for SSH access. It would be great if Xpra could forward requests to the SSH agent on the client.
This would probably involve creating a socket and setting SSH_AUTH_SOCK in the Xpra session (only if the feature is turned on), and then forwarding connections to the socket to the client, which would in turn forward them to whatever SSH_AUTH_SOCK was set to, locally.
Can be added using paramiko agent.
@erikjensen: in the meantime, you can use --ssh=ssh
to switch back to the openssh backend which supports agent forwarding by default.
paramiko rocks, adding agent forwarding support is as simple as adding adding AgentRequestHandler(session)
.
This be an option, off by default, but we should honour ssh-config.
Do we want to overload the ssh=paramiko
command line option for that? Maybe add a -A / -a
switch to it, just like openssh?
try to start the AgentRequestHandler?
According to the documentation, the code in the patch above should do the job but I can't see anything in the environment that would tell applications about the forwarded agent. (no SSH_AUTH_SOCK
)
So I'm out of ideas.
this ticket has been moved to: https://github.com/Xpra-org/xpra/issues/2303