StanfordSNR / guardian-agent

[beta] Guardian Agent: secure ssh-agent forwarding for Mosh and SSH
BSD 3-Clause "New" or "Revised" License
439 stars 30 forks source link

Feature Request: More flexible policy life span #16

Open yookoala opened 6 years ago

yookoala commented 6 years ago

Right now, it seems the guardian-agent only support global policies. Either you trust the intermediate server once, forever (on host or on everything) or you don't.

It would be nice to have temporary policies of more flexible trust life span, such as:

  1. Session: Much like cookie. It lives only as long as the sga-guard process's life.
  2. Five minutes in Session: It expires in 5 minutes or when sga-guard process ended (whichever shorter).
  3. One month: The policy stores with an expiration date. When expire, sga-guard will discard the policy.
rachidbch commented 6 years ago

I fully second this. Allowing once is clearly impratical.

I run guardian-agent on a local terminal and ssh (with mosh) to a server where dev is done. Each time I git push, I have to wait for the prompt for a full second, answer '2' for 'Allow once', wait another full second answer another '2' ... The only other option is to allow forever which is no better than standard ssh agent forward ... Keep on the (very) good work guys!