Agent Forwarding
When using ssh
to connect to a remote server, you may also need to receive access tokens from the local agent. This is possible by forwarding the UNIX domain socket used for communicating with the agent.
This needs a client and server side configuration. Both configurations can be done by a local user.
Client
This can be done using the -R
option of ssh
(e.g. with ssh -R /tmp/oidc-forward:$OIDC_SOCK user@host
). Defining an alias makes this more easily usable: . Example:
For most convenience, you should put the alias line into your .profile
, .zshrc
, or .bash_aliases
file.
Note that you could also overwrite the actual ssh
command with an alias. While this works, this will always create a socket file on the remote host, which can be used by the remote system administrator to access your tokens. Use it wisely.
Server
On the server, you have to set the OIDC_SOCK
environment variable (export OIDC_SOCK=/tmp/oidc-forward
).
We recommend the following configurations: Put the following in your .profile
, .zshrc
, or .bash_profile
on the server:
Add this into your .zlogout
, or .bash_logout
on the server:
Last updated