Simon Josefsson <simon@josefsson.org> writes:

> Is there any support for agent-style public-key authentication in lsh?

No.

> Any plans?
It would definitely be good to have. Patches welcome. I haven't gotten around to implementing it myself.
On the lsh-side, I imagine one needs code to talk to the agent and return an instance of (a subclass of) the class signer. Interfaces in src/crypto.h. I don't think it should be very difficult.
And then I imagine one would also want to support agent forwarding. With the split into lsh and lsh-transport, it's not entirely obvious where agent forwarding belongs. It seems natural that it is lsh-transport which holds the connection to the agent (since this program does all cryptographic operations), but for forwarding, it probably needs to coordinate a bit with the lsh process, which keeps track of ssh channels and the like. Or maybe it's simplest to let each program have its own independent connection to the agent, where lsh-transport makes use of the agent, while lsh will just forward data to and from the agent?
I don't know if there's any need for a new lsh-agent program, or if one can just reuse gpg-agent.
A related (but independent) misfeature is that lsh asks for passphrases for all keys up front. It would be preferable to just read the public keys at startup, and unlock the needed private key only when it is about to be used.
Regards, /Niels
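As an added illustration (not lsh code, and not from anyone in this thread) of the two ideas above, a signer that delegates to an agent and a client that only reads public keys up front: the sketch below uses the OpenSSH agent wire format (an assumption; the thread does not settle on a protocol, and gpg-agent speaks its own), an in-process mock agent in place of a Unix socket so it runs offline, constructed key names, and HMAC-SHA256 as a stand-in for a real public-key signature. The client side never sees secret material; it lists identities at startup and asks the agent to sign only when a signature is needed.

```python
import hashlib
import hmac
import struct

# Message numbers from the OpenSSH agent protocol (draft-miller-ssh-agent).
SSH_AGENT_FAILURE = 5
SSH_AGENTC_REQUEST_IDENTITIES = 11
SSH_AGENT_IDENTITIES_ANSWER = 12
SSH_AGENTC_SIGN_REQUEST = 13
SSH_AGENT_SIGN_RESPONSE = 14

def put_string(b):
    return struct.pack(">I", len(b)) + b  # SSH 'string': uint32 length || bytes

def get_string(buf, off):
    # Decode an SSH 'string' at offset off; reject truncated input.
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    if off + n > len(buf):
        raise ValueError("truncated string")
    return buf[off:off + n], off + n

def frame(msg_type, payload=b""):
    # Agent message on the wire: uint32 length || byte type || payload.
    body = bytes([msg_type]) + payload
    return struct.pack(">I", len(body)) + body

def unframe(raw):
    (n,) = struct.unpack_from(">I", raw, 0)
    if n < 1 or 4 + n != len(raw):
        raise ValueError("bad frame length")
    return raw[4], raw[5:]

class MockAgent:
    """Stand-in agent: alone holds secrets; only lists keys and signs, never exports."""

    def __init__(self, keys):
        self.keys = keys  # public blob -> (secret, comment); constructed data
        self.sign_calls = 0

    def handle(self, raw):
        msg_type, payload = unframe(raw)
        if msg_type == SSH_AGENTC_REQUEST_IDENTITIES:
            out = struct.pack(">I", len(self.keys))
            for blob, (_, comment) in self.keys.items():
                out += put_string(blob) + put_string(comment)
            return frame(SSH_AGENT_IDENTITIES_ANSWER, out)
        if msg_type == SSH_AGENTC_SIGN_REQUEST:
            blob, off = get_string(payload, 0)
            data, off = get_string(payload, off)  # a uint32 flags word follows; unused here
            if blob not in self.keys:
                return frame(SSH_AGENT_FAILURE)
            self.sign_calls += 1
            # HMAC-SHA256 stands in for a real public-key signature (constructed).
            sig = hmac.new(self.keys[blob][0], data, hashlib.sha256).digest()
            sig_blob = put_string(b"hmac-sha256-demo") + put_string(sig)
            return frame(SSH_AGENT_SIGN_RESPONSE, put_string(sig_blob))
        return frame(SSH_AGENT_FAILURE)

class AgentSigner:
    """Client-side signer: holds only the public blob; each sign() is a round trip
    to the agent, so no private key or passphrase prompt lives in the client."""

    def __init__(self, agent, public_blob):
        self.agent, self.public_blob = agent, public_blob

    def sign(self, data):
        req = put_string(self.public_blob) + put_string(data) + struct.pack(">I", 0)
        msg_type, payload = unframe(self.agent.handle(frame(SSH_AGENTC_SIGN_REQUEST, req)))
        if msg_type != SSH_AGENT_SIGN_RESPONSE:
            raise RuntimeError("agent refused to sign")
        return get_string(payload, 0)[0]

def list_identities(agent):
    # (public blob, comment) pairs: all the client learns at startup.
    msg_type, payload = unframe(agent.handle(frame(SSH_AGENTC_REQUEST_IDENTITIES)))
    if msg_type != SSH_AGENT_IDENTITIES_ANSWER:
        raise RuntimeError("unexpected agent reply")
    (n,) = struct.unpack_from(">I", payload, 0)
    off, ids = 4, []
    for _ in range(n):
        blob, off = get_string(payload, off)
        comment, off = get_string(payload, off)
        ids.append((blob, comment))
    return ids

def demo():
    agent = MockAgent({b"pub-A": (b"secret-A", b"alice@example"),
                       b"pub-B": (b"secret-B", b"backup")})
    ids = list_identities(agent)
    sig_blob = AgentSigner(agent, ids[0][0]).sign(b"userauth-data")
    sig_type, off = get_string(sig_blob, 0)
    sig = get_string(sig_blob, off)[0]
    try:  # a key the agent does not hold must be refused, not faked
        AgentSigner(agent, b"pub-unknown").sign(b"x")
        refused = False
    except RuntimeError:
        refused = True
    return {"ids": ids, "sig_type": sig_type, "sig_len": len(sig),
            "sign_calls": agent.sign_calls, "unknown_refused": refused}
```

In the lsh layout discussed above, `AgentSigner` would be the subclass of `signer` (interfaces in src/crypto.h) that lsh-transport hands to the userauth code, and agent forwarding would consist of relaying exactly these length-prefixed frames between a forwarded channel and the local agent socket without interpreting them. The `sign_calls` counter is there to make visible that nothing is unlocked or signed until a signature is actually requested.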