Open yookoala opened 6 years ago
I fully second this. Allowing once is clearly impratical.
I run guardian-agent on a local terminal and ssh (with mosh) to a server where dev is done. Each time I git push, I have to wait for the prompt for a full second, answer '2' for 'Allow once', wait another full second answer another '2' ... The only other option is to allow forever which is no better than standard ssh agent forward ... Keep on the (very) good work guys!
Right now, it seems the guardian-agent only support global policies. Either you trust the intermediate server once, forever (on host or on everything) or you don't.
It would be nice to have temporary policies of more flexible trust life span, such as:
sga-guard
process's life.sga-guard
process ended (whichever shorter).sga-guard
will discard the policy.