chrome-ssh-agent icon indicating copy to clipboard operation
chrome-ssh-agent copied to clipboard

Published 20 hours ago verified publisher icon google

Feature Request: Confirm constraint

Open mhofman opened this issue 5 years ago • 1 comments

It would be great to support the confirm mechanism that exists in the SSH agent protocol.

Currently when loading a key through ssh-add with the -c option, the key will actually be used silently without any prompt.

I looked through the golang crypto source code, and it looks like the agent server parses the constraint and sets a ConfirmBeforeUse flag on the key, but the keyring.add method simply ignores it.

From a UI persepective, I'd want the options page to set the constraint when adding a key and / or when loading it. For the prompt, the extension could show a notification (with require interaction set), to ask to either confirm or deny.

mhofman avatar Feb 27 '19 03:02 mhofman

I can understand the use case here, and the desire for this to be a fully-functioning SSH agent. However, Go's current implementation doesn't really appear to be more suitable for the more generic use cases, so doing this would be a much larger undertaking.

As another example, https://github.com/google/chrome-ssh-agent/issues/25 is a problem facing keys added directly from a connected ssh client.

Keeping this open in case something comes to mind here.

ralimi avatar Aug 09 '22 23:08 ralimi