Hi folks,

We developed a (prototype) tool that does secure agent forwarding and works with Mosh. Would be grateful for testing and feedback: https://github.com/StanfordSNR/guardian-agent

Compared with traditional ssh-agent forwarding, this tool provides more-constrained agent forwarding that we think could safely be enabled on any connection. It works alongside any version of Mosh or SSH.

Users run sga-guard (the agent) on their local machine, in a separate window alongside the interactive session. sga-guard prompts the user to approve forwarded ssh requests from the intermediary host, either with an X11 popup or in that second terminal window. Unlike with ssh-agent forwarding, the agent can enforce limits on which intermediary host can run which command on which servers.

Based on feedback to this beta/prototype, maybe we can agree on a good way to incorporate these techniques more deeply into Mosh. (Even if it's just a mosh -A flag that sets this up automatically instead of needing a second terminal window.)

There is a more detailed writeup in the README: https://github.com/StanfordSNR/guardian-agent

We're grateful for feedback, whether about the usability of the tool, the underlying mechanism, or the best way to make this smooth for Mosh users.

Thanks all,
the Guardian Agent developers (Dima Kogan, Henri Stern, David Mazieres, Keith Winstein)
_______________________________________________
mosh-users mailing list
mosh-users@mit.edu
http://mailman.mit.edu/mailman/listinfo/mosh-users