Blink: Add Agent Forwarding to ssh

Bump

Looks like there is a PR to libssh2 that adds agent forwarding: https://github.com/libssh2/libssh2/pull/219

Already working on it. We are moving to libssh, which has either a socket to connect to an agent, or you can just plug your own. That is a better interface.

@carloscabanero that's awesome news - this is the biggest blocker for me using blink for everything. Anything I can do to help with either dev or testing?

I had to rewrite the structure of the descriptors that we use internally, so that libssh works a lot better - previously the output descriptor was a stream. After that we will need a ton of testing on TestFlight, while we develop everything else, creating agents, tunnels, etc... hopefully with this new structure it should be a lot easier too. Stay tuned and I will hit you up!

I really need this feature and ProxyCommand. Happy to beta test if you add me to testflight.

I'll definitely help you test this, too. Already on testflight.

I'd love to be added to testflight to test this if possible!

Please add me too :)

I would love agent forwarding (and ProxyJump for that matter), I'd be happy to beta test anything you could throw in there :)

Hi @rfldn.

ssh-agent is not ready yet, but we are working on it. Stay tuned.

Update:

https://youtu.be/eiICg1P2bF0

Thank you!!!

Has this been added to master? This thread is a bit hard to follow. I see mentions of what’s happening to make this work, a video of it working, but no evidence this is actually in the release. Also, this issue is still open.

What’s the actual current status of getting agent forwarding in Blink?

ssh-agent and ssh-add are available in current App Store version. However, I am not sure if it is usable yet or how to use it. I tried ssh-add one several of my keys name, but I got an “error loading key: invalid format”. I will keep on digging and report.

I figured it out. It's a bit of work to make it happen.

ssh-agent

* open a new shell

ssh-add $KEY_NAME
ssh -A $HOST

Also, it doesn't look like mosh respects it, so it's just ssh for now.

@maddox mosh has no plan to support ssh-agent apparently. They bet on their experimental tool https://github.com/StanfordSNR/guardian-agent

@mremond Whatever gets my keys there! Thanks for the info.

@mremond, to your note about about guardian-agent, are there plans to support this in blink?

What’s the status of this one? It seems to work with RSA keys, not with ed25519 keys.

Wondering if it would be possible to use similar mechanisms as SeKey on macos? That is, a per-device, securely kept key (whatever type) that gets activated by fingerprint (not so sure how faceid would work here) and have the ability to forward this key to far away server?

I’m working on Ed keys. See #681

About SeKey. We are working on far better solution. Stay tuned.

Ok. Will try to set up the oss build when time permits. What is better than sekey ?

How it looks like wit this? Last update almost a year ago!

@kecinzer What is your question? Agent Forwarding is working well, using it every day. AFAIK this issue is only still open for usability improvements.

Same question here. Proper support for ssh agent via gui config would be needed. Not even asking for the sekey replacement (and I’ve read about the key sharing thing, not interested)

Are there any usability improvements for this feature on the immediate roadmap? I appreciate the existing functionality, but the workflow is a little cumbersome; if I'm not using it regularly, I typically have to come back to this issue and look at the steps to get it right 😅

Yes, this is in the immediate roadmap for Blink 14 release.