microsoft / vscode-remote-release

Visual Studio Code Remote Development: Open any folder in WSL, in a Docker container, or on a remote machine using SSH and take advantage of VS Code's full feature set.
https://aka.ms/vscode-remote

Enable SSH agent forwarding for scp #6600

Open BrHal opened 2 years ago

BrHal commented 2 years ago

Hello,

As a specific security requirement, in my lab, SSH authentication is performed through a tool named "BalaBit - Shell Control Box (SCB)", which supports SSH agent forwarding. However, this security tool has a flaw in its current release: it is unable to fall back to SSH interactive password when authentication is set to SSH key exchange.

Therefore, I must use SSH key authentication and agent forwarding.
In addition, the hosts I connect to have no internet connection, thus: localServerDownload.
Last but not least, I must use Cygwin ssh because activating Windows OpenSSH forward agent requires admin rights on the laptop, and I don't have them.

All this works OK for remote ssh editing but the upload of vscode-server fails because scp ignores ForwardAgent ssh directive in config file unless "-A" flag is present on the cmd line.

I am using the following explicit remote SSH setup:

    {
      "remote.SSH.configFile": "path_to_my_ssh_config",
      "remote.SSH.localServerDownload": "always",
      "remote.SSH.showLoginTerminal": true,
      "remote.SSH.logLevel": "trace",
    }

All other options are on default values, including remote.SSH.enableAgentForwarding: true

To overcome this issue, some extra remote.SSH setting for the scp command would be useful in this case... say: Remote.SSH.scpExtraOptions: "-A", default ""

tanhakabir commented 2 years ago

> scp ignores ForwardAgent ssh directive in config file unless "-A" flag is present on the cmd line.

How do you know this is the case?

BrHal commented 2 years ago

> How do you know this is the case?

Ran tests in my lab (sorry, not showing because of sensitive details), plus found a release note there:

https://www.openssh.com/txt/release-8.4

  • scp(1), sftp(1): allow the -A flag to explicitly enable agent forwarding in scp and sftp. The default remains to not forward an agent, even when ssh_config enables it.

tanhakabir commented 2 years ago

Ah I see, seems reasonable to add a setting to add the -A flag on scp.

etozhecyber commented 1 year ago

I have found a workaround for this problem:

    echo "alias scp='scp -A'" >> .bash_profile
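
Added example, not part of the thread or of the extension's code: a forwarded agent can be used by anyone with sufficient privileges on the destination host for as long as the connection lasts, so this sketch passes `-A` to scp only for allowlisted destinations and only when the client is OpenSSH 8.4 or later, the release quoted above. The allowlist variable, its host name and all function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: decide per destination whether scp should get -A.
# FORWARD_ALLOWLIST and the host name in it are constructed placeholders.
FORWARD_ALLOWLIST="scb-gateway.lab.example"

# supports_scp_A VERSION_STRING: succeeds if `ssh -V` output reports
# OpenSSH 8.4 or later, the release that added -A to scp and sftp.
supports_scp_A() {
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^OpenSSH_[^0-9]*\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p')
    [ -n "$ver" ] || return 1
    set -- $ver
    [ "$1" -gt 8 ] || { [ "$1" -eq 8 ] && [ "$2" -ge 4 ]; }
}

# target_host ARGS...: print the host of the first [user@]host:path operand.
# Options, absolute/relative paths and Windows drive letters (C:...) are skipped.
target_host() {
    for arg in "$@"; do
        case $arg in
            -*|/*|./*) continue ;;
            ?:*) continue ;;
            *:*) h=${arg%%:*}; printf '%s\n' "${h##*@}"; return 0 ;;
        esac
    done
    return 1
}

# scp_forward_flag VERSION_STRING ARGS...: print "-A" only when the client
# supports it and the destination host is on the allowlist.
scp_forward_flag() {
    version=$1; shift
    supports_scp_A "$version" || return 0
    host=$(target_host "$@") || return 0
    for allowed in $FORWARD_ALLOWLIST; do
        if [ "$host" = "$allowed" ]; then printf '%s\n' "-A"; return 0; fi
    done
    return 0
}

# Wrapper to call instead of plain scp; every other host is copied to
# without a forwarded agent.
scp_scoped() {
    flag=$(scp_forward_flag "$(ssh -V 2>&1)" "$@")
    command scp $flag "$@"
}
```

Anything the argument scan cannot attribute to an allowlisted host results in no `-A`, so a parsing miss fails toward not forwarding the agent.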