StanfordSNR / guardian-agent

[beta] Guardian Agent: secure ssh-agent forwarding for Mosh and SSH
BSD 3-Clause "New" or "Revised" License
439 stars 30 forks source link

Maybe use new server host key in auth request? #35

Open pjz opened 2 years ago

pjz commented 2 years ago

From https://www.openssh.com/agent-restrict.html :

OpenSSH 8.9 will include the ability to control how and where keys in ssh-agent may be used, both locally and when forwarded

This seems to be done on the protocol side by including the server host key in the auth request - is this enough that guardian-agent could use it instead of having to put sga-ssh everywhere?