X
@Skyper I feel like Bitwarden is not the issue here. It feels legitimate for a SSH agent to hold many keys.
Even OpenSSH planned/did a protocol extension for this: https://www.openssh.org/agent-restrict.html
My proxy proposal would not require a protocol extension.
With Bitwarden, you can store your SSH keys and use the desktop app to expose a SSH agent socket.
Some SSH servers have a MaxAuthTries configured with a low value.
If you use a SSH agent loaded with more keys that the MaxAuthTries value, and the required key is not in the MaxAuthTries first tried keys, you get an authentication error.
In CLI, you just pop a new SSH agent, load it with the "only key you need" and off you go.
With Bitwarden, you cannot do that (I think).
I have been thinking about implementing a SSH agent proxy that connects to Bitwarden, lists the keys available, and create a new agent per listed key, answering only for that key.
You could then configure SSH to use that SSH agent socket or that other SSH agent socket depending on the host you connect to, with IdentitiesOnly and an IdentityAgent pointing to the right SSH agent socket.
What do you think? Would you use that proxy?
Je suis en train de review la SecNumAcadémie de l'ANSSI. Je n'ai regardé que le module 2 sur les mots de passe, mais j'enrage 
Ç'a été relu par qqn de compétent ce truc où c'est le département communication qui a encore fait de la magie ? 
🤬
