Add opt-in, security-gated SSH-agent forwarding
Item 3: SSH-agent forwarding, double-gated (client -A/forward_agent AND server allow_agent_forwarding) and off by default on both ends. Wire: new ForwardingKind::Agent (appended, existing bincode discriminants unchanged). Bumped protocol VERSION 2 -> 3 so a pre-agent peer answers with a clear version-mismatch reject instead of a deserialize error. Client: -A / --forward-agent flag; requires local SSH_AUTH_SOCK. Requests an Agent forwarding during native auth (agent forwarding requires native auth) and, on a server-initiated StreamOpen carrying the reserved @dosh-agent sentinel, splices the stream into the local agent unix socket (separate agent_writers map, TCP forwarding paths untouched). Rejects agent StreamOpens unless it opted in, so a server cannot reach the agent without consent. Server: when the client opted in and allow_agent_forwarding is set, binds a per-session proxy unix socket (dir 0700, socket 0600) before the shell spawns, exports its path as the session's SSH_AUTH_SOCK, and tunnels each connection back to the client over the agent sentinel stream. Applies only to freshly spawned shells (documented). Socket cleaned up on auth/forward failure and when the accept loop ends. SECURITY rationale documented in comments. Tests: 2 end-to-end integration tests (full chain identities round-trip via a PTY-hosted client + looping fake agent; and "no -A => no proxy socket"). Docs updated (README forwarding + disconnect-status note, spec §12.1). fmt + full test suite green (122 tests). Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
@@ -444,6 +444,7 @@ CLI:
|
||||
dosh -L [bind_host:]listen_port:target_host:target_port host
|
||||
dosh -R [bind_host:]listen_port:target_host:target_port host
|
||||
dosh -D [bind_host:]listen_port host
|
||||
dosh -A host # forward the local ssh-agent (opt-in, server-gated)
|
||||
```
|
||||
|
||||
Stream packet types:
|
||||
@@ -473,6 +474,24 @@ Forwarding rules:
|
||||
- Stream packet scheduling must enforce terminal priority; a large port-forward copy
|
||||
cannot make shell keystrokes lag.
|
||||
|
||||
### 12.1 SSH-Agent Forwarding (opt-in, security-gated)
|
||||
|
||||
- Activated only on explicit client opt-in (`-A` / `forward_agent = true`) **and**
|
||||
server `allow_agent_forwarding = true`. Off by default on both ends.
|
||||
- The client requests a `ForwardingKind::Agent` entry during auth. If the server
|
||||
policy allows it, the server binds a per-session proxy unix socket in a
|
||||
process-private directory (dir 0700, socket 0600) and exports its path as the
|
||||
spawned shell's `SSH_AUTH_SOCK`.
|
||||
- Each connection from a remote process to that proxy socket is tunneled to the
|
||||
client over a server-initiated `StreamOpen` carrying the reserved target sentinel
|
||||
`@dosh-agent` (port 0). The client splices it into its local `SSH_AUTH_SOCK`
|
||||
(a unix socket, not a TCP target). Data/window/close reuse the existing stream
|
||||
packets unchanged.
|
||||
- Only applies to a freshly spawned shell; an already-running attached/prewarmed
|
||||
session keeps its existing environment (same constraint as ssh/mosh).
|
||||
- SECURITY: forwarding exposes the local agent to the remote host for the session's
|
||||
lifetime, which is why it is double-gated and never the default.
|
||||
|
||||
## 13. Diagnostics And Operations
|
||||
|
||||
Native v1 must include operations commands:
|
||||
|
||||
Reference in New Issue
Block a user