search

iterate-ch / cyberduck

Cyberduck is a libre FTP, SFTP, WebDAV, Amazon S3, Backblaze B2, Microsoft Azure & OneDrive and OpenStack Swift file transfer client for Mac and Windows.
https://cyberduck.io/
GNU General Public License v3.0
3.3k stars 291 forks source link

Add support for ssh-agents in sandboxed version #13945

Open ylangisc opened 1 year ago

ylangisc commented 1 year ago

Currently it's not possible to connect to an ssh-agent over sockets due to sandbox restrictions.

dkocher commented 1 year ago

Fails with failed to fctrl usocket: -1

dkocher commented 1 year ago

According to this forum thread from Quinn “The Eskimo!” there does not seem to be a solution to the problem.

…the App Sandbox puts significant restrictions on UNIX domain sockets. A sandboxed app is not allowed to connect to arbitrary UNIX domain sockets… The various file system temporary exceptions, like com.apple.security.temporary-exception.files.home-relative-path.read-write, won’t help with this because those only apply to files, and UNIX domain sockets are not files.

This could only be resolved if both the identity agent and Cyberduck would be running in the same app group.

dkocher commented 1 year ago

Restriction should be added to documentation in iterate-ch/docs#295.