wezterm

mirror of https://github.com/wez/wezterm.git synced 2024-09-11 14:25:57 +03:00

History

Wez Furlong 6b93ee19e7 mux: record client ssh_auth_sock information This commit expands the set of data that we track for each client to include the SSH_AUTH_SOCK. This defaults to the value of that env var on the machine where the ClientId is constructed, which may be remote from the mux server. For the proxy scenario, a remote SSH_AUTH_SOCK path is not addressable, and what we really want is the local SSH_AUTH_SOCK path from that SSH session, so we introduce awareness of whether the current session is a proxy session. Proxy sessions register the mux-local-proxy-id during the setup of the proxy, but we don't apply the identity to the mux. Instead, we wait for the remote client to send their identity and that is annotate to show that it has been routed via a proxy and, crucially, has the SSH_AUTH_SOCK replaced with the mux-local-proxy-id SSH_AUTH_SOCK. ``` ; wezterm cli list-clients USER HOST PID CONNECTED IDLE WORKSPACE FOCUS SSH_AUTH_SOCK wez foo 336500 86.944834352s 944.834352ms default 3 /home/wez/.1password/agent.sock wez foo (via proxy pid 337457) 337314 1.944834352s 944.834352ms 4 /tmp/ssh-XXXXTfGSp7/agent.337456 ``` For the SSH_AUTH_SOCK to be populated, ssh agent forwarding also needs to be enabled for SSH exec() calls; previously it was enabled only for pty channels. Since this commit changes the ABI of the mux protocol, the codec version has been bumped.	2024-05-09 07:45:19 -07:00
..
src	mux: record client ssh_auth_sock information	2024-05-09 07:45:19 -07:00
Cargo.toml	[PATCH] Fix various cargo audit errors	2024-05-04 22:47:57 -07:00

mux: record client ssh_auth_sock information

This commit expands the set of data that we track for each client to
include the SSH_AUTH_SOCK. This defaults to the value of that env var on
the machine where the ClientId is constructed, which may be remote from
the mux server.

For the proxy scenario, a remote SSH_AUTH_SOCK path is not addressable,
and what we really want is the local SSH_AUTH_SOCK path from that SSH
session, so we introduce awareness of whether the current session is a
proxy session. Proxy sessions register the mux-local-proxy-id during the
setup of the proxy, but we don't apply the identity to the mux. Instead,
we wait for the remote client to send their identity and that is
annotate to show that it has been routed via a proxy and, crucially, has
the SSH_AUTH_SOCK replaced with the mux-local-proxy-id SSH_AUTH_SOCK.

```
; wezterm cli list-clients
USER HOST                          PID CONNECTED     IDLE         WORKSPACE FOCUS SSH_AUTH_SOCK
wez  foo                        336500 86.944834352s 944.834352ms default       3 /home/wez/.1password/agent.sock
wez  foo (via proxy pid 337457) 337314 1.944834352s  944.834352ms               4 /tmp/ssh-XXXXTfGSp7/agent.337456
```

For the SSH_AUTH_SOCK to be populated, ssh agent forwarding also needs
to be enabled for SSH exec() calls; previously it was enabled only for
pty channels.

Since this commit changes the ABI of the mux protocol, the codec
version has been bumped.

2024-05-09 07:45:19 -07:00

src

mux: record client ssh_auth_sock information

2024-05-09 07:45:19 -07:00

Cargo.toml

[PATCH] Fix various cargo audit errors

2024-05-04 22:47:57 -07:00