ObPlug for Guardian Agent, which is basically "safe" ssh-agent forwarding (and works with Mosh and SSH): https://github.com/StanfordSNR/guardian-agent
The basic story is that ssh-agent really just exposes a primitive of "please sign this challenge," which is useful locally, but the protocol wasn't designed to be forwarded. If requests are coming from a semi-trusted intermediary host, the protocol doesn't tell the agent (a) what remote server is being authenticated to [i.e., who generated the challenge?], or (b) what command is going to be executed. It doesn't even really know (c) what (semi-trusted) host has forwarded the challenge.
Guardian Agent is a sort of hack that allows the agent to know (a), (b), and (c) before deciding whether to grant or deny the request, and you can set up policies like, "I'd like to allow `jump host x` to run 'git pull' when talking to `git server y`, but that's it." The basic ssh-agent protocol just doesn't have enough info to be able to do something like that.
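To make the "not enough info" point concrete, here is an added example (not code from the thread, from OpenSSH or from Guardian Agent) that builds and parses the SSH_AGENTC_SIGN_REQUEST an ssh client hands to its agent during publickey authentication. The wire layout follows the SSH agent protocol draft (draft-miller-ssh-agent) and RFC 4252 section 7; the key blob, session id and user name are constructed sample values. The parser returns every field the agent actually receives, and returns None for the three things a forwarding-aware policy would need (destination server, command, forwarding host), because the protocol simply does not carry them.

```python
import struct

# Message type numbers from the SSH agent protocol (draft-miller-ssh-agent)
# and the SSH authentication protocol (RFC 4252).
SSH_AGENTC_SIGN_REQUEST = 13
SSH_MSG_USERAUTH_REQUEST = 50

# Constructed sample values: not real key material and not a real session id.
SAMPLE_KEY_BLOB = (struct.pack(">I", 11) + b"ssh-ed25519"
                   + struct.pack(">I", 32) + bytes(range(32)))
SAMPLE_SESSION_ID = bytes(range(32, 64))


def _string(b: bytes) -> bytes:
    """Encode an SSH 'string': uint32 length prefix followed by the bytes."""
    return struct.pack(">I", len(b)) + b


def build_sign_request(key_blob, session_id, user, service=b"ssh-connection",
                       algorithm=b"ssh-ed25519", flags=0):
    """Build the SSH_AGENTC_SIGN_REQUEST a client sends for publickey auth.

    The 'data' field is exactly the byte string the server will verify
    (RFC 4252 section 7); nothing else about the connection is included.
    """
    data = (_string(session_id)
            + bytes([SSH_MSG_USERAUTH_REQUEST])
            + _string(user)
            + _string(service)
            + _string(b"publickey")
            + b"\x01"                      # boolean TRUE: a signature follows
            + _string(algorithm)
            + _string(key_blob))
    body = (bytes([SSH_AGENTC_SIGN_REQUEST])
            + _string(key_blob) + _string(data) + struct.pack(">I", flags))
    return struct.pack(">I", len(body)) + body


class _Reader:
    """Minimal bounds-checked cursor over SSH wire-format data."""

    def __init__(self, buf):
        self.buf, self.pos = buf, 0

    def take(self, n):
        if self.pos + n > len(self.buf):
            raise ValueError("truncated message")
        v = self.buf[self.pos:self.pos + n]
        self.pos += n
        return v

    def uint32(self):
        return struct.unpack(">I", self.take(4))[0]

    def string(self):
        return self.take(self.uint32())


def parse_sign_request(msg):
    """Parse a sign request and return every field the agent can see.

    Fields a forwarding-aware policy would need but the protocol does not
    carry are returned as None so the gap is explicit.
    """
    r = _Reader(msg)
    if r.uint32() != len(msg) - 4:
        raise ValueError("length prefix does not match message size")
    if r.take(1)[0] != SSH_AGENTC_SIGN_REQUEST:
        raise ValueError("not an SSH_AGENTC_SIGN_REQUEST")
    key_blob, data, flags = r.string(), r.string(), r.uint32()
    if r.pos != len(msg):
        raise ValueError("trailing bytes after sign request")

    d = _Reader(data)
    session_id = d.string()
    if d.take(1)[0] != SSH_MSG_USERAUTH_REQUEST:
        raise ValueError("signed data is not a userauth request")
    user, service, method = d.string(), d.string(), d.string()
    has_signature = d.take(1)[0] != 0
    algorithm, blob_in_data = d.string(), d.string()
    if (method != b"publickey" or not has_signature
            or blob_in_data != key_blob or d.pos != len(data)):
        raise ValueError("malformed publickey userauth data")

    return {
        # What the agent does learn: which key, which user name, and a session
        # id bound to the key exchange (a hash it cannot map to a host name).
        "key_blob": key_blob,
        "session_id": session_id,
        "user": user.decode(),
        "service": service.decode(),
        "algorithm": algorithm.decode(),
        "flags": flags,
        # What it does not learn: the destination server (a), the command to be
        # run (b), and which host forwarded the request (c).
        "server_hostname": None,
        "command": None,
        "forwarding_host": None,
    }
```

The session id is the only field tied to the remote end, and it is a hash produced during key exchange, so an agent sitting behind a forwarded socket can at best confirm "some session with some server wants a signature for user X"; it cannot distinguish the intended server from any other host the intermediary chose to connect to. That is why per-use confirmation (`ssh-add -c`) and tools like Guardian Agent have to obtain the missing context out of band rather than from the request itself.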
For Mac users, there is this: https://github.com/TimidRobot/mac-ssh-confirm
Doesn't add 2FA so much as it prompts you for each agent use.
On the remote end, you can enable 2FA for logging into the server with libpam-google-authenticator.
I've seen several systems that wrap the ssh binary to allow different agents to be forwarded to different hosts. Personally I think this is unwieldy -- it really should be something which is built into ssh directly.
Running multiple agents is also a bit ugly, especially if you are trying to consolidate your keys with an agent integrated with your desktop environment, which I think is the most common use case.
FWIW my proposal for fixing it is https://github.com/openssh/openssh-portable/pull/233 but it isn't the most elegant solution either I guess. It doesn't seem to have picked up much interest so I don't think it's likely to ever be merged (at least in its current form), which is fine. Hopefully some tamed version of agent forwarding appears directly in openssh someday, either as a simple key filter or something more complicated like guardian-agent.