IETF-SSH archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: agent draft updated
Simon Tatham <anakin%pobox.com@localhost> writes:
> The auth-agent-req@ request is a CHANNEL_REQUEST and not a
> GLOBAL_REQUEST. But nothing is said about what that channel in
> particular has to do with anything.
I'm not sure how this works (and I have so far never implement agent
forwarding myself), but I would expect that the forwarding is implicitly
cancelled when the associated channel is closed. I.e., any auth-agent@
CHANNEL_OPEN requests received after the CHANNEL_CLOSE for the
associated channel should fail.
But to make that work properly if agent forwarding is requested on
multiple channels, it would help if the CHANNEL_OPEN request includes
the id of that associated channel (which it doesn't, according to the
draft. iirc, x11 forwarding has the same issue).
The client could still keep track of number of active sessions with
agent forwarding enabled, and refuse auth-agent@ CHANNEL_OPEN once that
count goes down to zero.
Regards,
/Niels
--
Niels Möller. PGP key CB4962D070D77D7FCB8BA36271D8F1FF368C6677.
Internet email is subject to wholesale government surveillance.
Home |
Main Index |
Thread Index |
Old Index