IETF-SSH archive


agent forwarding [was Re: agent draft updated]



> But to make that work properly if agent forwarding is requested on
> multiple channels, it would help if the CHANNEL_OPEN request includes
> the id of that associated channel (which it doesn't, according to the
> draft.  iirc, x11 forwarding has the same issue).

Right on both counts.  This is why moussh uses a private variant where
the auth-agent-req analog includes a cookie which is returned in the
channel open request.  (It falls back to stock agent forwarding
requests if the private request is refused and connection sharing is
not in use.)

I did the same for X11 forwarding, though it's not strictly necessary;
very similar semantics can be obtained by sending different
MIT-MAGIC-COOKIE authentication cookies to different channels.  It's
been a while since I looked at the code, but I _think_ moussh first
tries its own private request, then falls back to using X
authentication cookies if that fails.  (The major difference is
security exposure; a cookie that's never exported from the server
process is usually harder to attack than something stored in
~/.Xauthority.)

/~\ The ASCII				  Mouse
\ / Ribbon Campaign
 X  Against HTML		mouse%rodents-montreal.org@localhost
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
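
The cookie correlation described in the message above, as an added sketch that is not moussh code and not part of the original post: the client mints a cookie per forwarding request and uses the cookie returned in the channel open to find the originating session channel. The class and method names, the 16-byte cookie size, and the choice to refuse an ambiguous stock open are assumptions of this sketch; the wire format of the private request is not modelled.

```python
import hmac
import secrets


class AgentForwardTracker:
    """Client-side map from forwarding cookie to the session channel that asked."""

    def __init__(self, connection_sharing=False):
        self.connection_sharing = connection_sharing
        self._by_cookie = {}   # cookie bytes -> session channel id
        self._stock = set()    # sessions using the stock (cookie-less) request

    def request_forwarding(self, session_channel):
        """Mint the cookie to send with the private forwarding request."""
        cookie = secrets.token_bytes(16)
        self._by_cookie[cookie] = session_channel
        return cookie

    def private_request_refused(self, session_channel, cookie):
        """Drop the cookie; report whether the stock request may be tried."""
        self._by_cookie.pop(cookie, None)
        if self.connection_sharing:
            return False       # per the message: no stock fallback when sharing
        self._stock.add(session_channel)
        return True

    def session_closed(self, session_channel):
        """Forget everything tied to a closed session channel."""
        self._stock.discard(session_channel)
        stale = [c for c, ch in self._by_cookie.items() if ch == session_channel]
        for c in stale:
            del self._by_cookie[c]

    def on_agent_channel_open(self, returned_cookie=None):
        """Return the originating session channel id, or None to refuse."""
        if returned_cookie is None:          # stock open carries no cookie
            return next(iter(self._stock)) if len(self._stock) == 1 else None
        match = None
        for cookie, ch in self._by_cookie.items():
            # compare_digest avoids leaking cookie bytes through timing
            if hmac.compare_digest(cookie, returned_cookie):
                match = ch
        return match
```

A cookie stays valid for as long as its session channel is open, since one session may cause several agent channel opens.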


