You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@mina.apache.org by "ASF GitHub Bot (Jira)" <ji...@apache.org> on 2021/11/03 22:31:00 UTC
[jira] [Work logged] (SSHD-1221) Support key constraints when
adding a key to an SSH agent
[ https://issues.apache.org/jira/browse/SSHD-1221?focusedWorklogId=674998&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-674998 ]
ASF GitHub Bot logged work on SSHD-1221:
----------------------------------------
Author: ASF GitHub Bot
Created on: 03/Nov/21 22:30
Start Date: 03/Nov/21 22:30
Worklog Time Spent: 10m
Work Description: tomaswolf opened a new pull request #208:
URL: https://github.com/apache/mina-sshd/pull/208
Change the API of SshAgent.addKeyToAgent() to be able to pass key
constraints. Provide default implementations for the documented
OpenSSH constraints: confirm, lifetime, and the sk-provider extension.
Handle them in the AbstractAgentProxy implementation. Note that
AbstractAgentProxy currently implements addKeyToAgent() only for
OpenSSH. Users wanting to support a different agent may have to
implement different constraints by extending the provided base classes,
and may have to provide their own SshAgent (and a factory for it)
implementing a different protocol for addKeyToAgent().
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscribe@mina.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
Issue Time Tracking
-------------------
Worklog Id: (was: 674998)
Remaining Estimate: 0h
Time Spent: 10m
> Support key constraints when adding a key to an SSH agent
> ---------------------------------------------------------
>
> Key: SSHD-1221
> URL: https://issues.apache.org/jira/browse/SSHD-1221
> Project: MINA SSHD
> Issue Type: Improvement
> Affects Versions: 2.7.0
> Reporter: Thomas Wolf
> Assignee: Thomas Wolf
> Priority: Major
> Time Spent: 10m
> Remaining Estimate: 0h
>
> This is needed for OpenSSH compatibility. [OpenSSH|https://datatracker.ietf.org/doc/html/draft-miller-ssh-agent-04#section-4.2.6] documents three constraints:
> * confirm - the agent prompts the user before each key use of a key added with this option.
> * lifetime - in seconds; the agent automatically removes the key when the time expires.
> * generic extensions, of which there is one:
> ** sk-provider - path to a middleware library needed for FIDO keys
> The [IETF draft|https://datatracker.ietf.org/doc/html/draft-ietf-secsh-agent-02#section-1.4.2] also has constraints for keys being added, but of course those are different, and their draft looks incomplete in those sections.
> Apache MINA sshd should provide interfaces that enable users to implement adding keys to an agent with arbitrary constraints, and should provide a default implementation compatible with OpenSSH.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@mina.apache.org
For additional commands, e-mail: dev-help@mina.apache.org