{"id":22964893,"url":"https://github.com/susji/agentyesno","last_synced_at":"2025-08-19T23:09:37.097Z","repository":{"id":193693447,"uuid":"689337691","full_name":"susji/agentyesno","owner":"susji","description":"SSH agent proxy for interactive Sign Request approval","archived":false,"fork":false,"pushed_at":"2024-12-11T23:33:12.000Z","size":47,"stargazers_count":1,"open_issues_count":1,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-06-03T01:45:09.573Z","etag":null,"topics":["agent","proxy","ssh","ssh-agent","ssh-agent-forwarding"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/susji.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2023-09-09T13:47:12.000Z","updated_at":"2024-11-09T14:27:14.000Z","dependencies_parsed_at":"2024-04-01T12:26:53.646Z","dependency_job_id":"43d5878a-6d53-4f09-94aa-d845d254f030","html_url":"https://github.com/susji/agentyesno","commit_stats":null,"previous_names":["susji/agentyesno"],"tags_count":9,"template":false,"template_full_name":null,"purl":"pkg:github/susji/agentyesno","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/susji%2Fagentyesno","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/susji%2Fagentyesno/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/susji%2Fagentyesno/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/susji%2Fagentyesno/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/susji","download_url":"https://codeload.github.com/susji/agentyesno/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/susji%2Fagentyesno/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":271236280,"owners_count":24723978,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-19T02:00:09.176Z","response_time":63,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["agent","proxy","ssh","ssh-agent","ssh-agent-forwarding"],"created_at":"2024-12-14T20:12:50.009Z","updated_at":"2025-08-19T23:09:37.056Z","avatar_url":"https://github.com/susji.png","language":"Go","readme":"# agentyesno\n\n# Why?\n\nDidn't you always want to use SSH agent forwarding when connecting to vaguely\ntrusted computers? Me neither. Sometimes one may have to and in that case\n`agentyesno` might be useful.\n\n`agentyesno` is a tiny interactive terminal program which acts an intercepting\nproxy for SSH agent protocol's Sign Requests. It is meant to stand between\nremote agent requests and your local SSH agent. It *may* work with local agent\nrequests, but local clients can easily circumvent the agent.\n\n# Disclaimer\n\nUse `agentyesno` at your own risk. It is untested and experimental. This kind of\na tool may offer you some protection in certain scenarios, but there are many\nscenarios where it will not help you. There is a reason why for example OpenSSH\ndoes *not* enable forwarding of agent connections by default. If you don't know\nwhat you are doing, do not use agent forwarding. Before you use a tool like\nthis, make sure that ProxyJump (`-J`), locking the agent (`-x`) or ProxyCommand\nare not better suited for your needs.\n\n# How does it work?\n\n`agentyesno` uses Go's SSH library for handling client and agent communications.\nThe program pauses on Sign Requests and asks the user's opinion before passing\nthe request to the actual agent. The user has to explicitly accept this sign\nrequest by typing something. If the user does not give permission or responding\ntakes too long, then the Sign Request is dropped and not forwarded to the actual\nagent. All other supported agent operations are passed transparently and\nnon-interactively.\n\n```\n\n     Sign                       Sign\n    Request                    Response\n\n           .---------------.\n      /|\\  |   ssh agent   |      |\n       |   '---------------'      |\n       |         |                |\n       |         | domain socket  |\n       |         |                |\n       |   .---------------.      |\n       |   |   agentyesno  |      |\n       |   '---------------'      |\n       |         |                |\n       |         | domain socket  |\n       |         |                |\n       |   .---------------.      |\n       |   |  agent client |     \\|/\n           '---------------'\n```\n\n\nTo make usage clearer, `agentyesno` will only serve one Sign Request at a time.\nOther clients will have to wait for their turn.\n\n# How to use?\n\n## Summary\n\n1. Run `agentyesno` and make sure it can find the real SSH agent either with\n   `$SSH_AUTH_SOCKET` or with the `-agent` parameter\n2. Connect to some SSH server using `ssh` with agent forwarding enabled and make\n   sure `$SSH_AUTH_SOCK` points at `agentyesno`\n\n## Details\n\n`agentyesno` listens on a domain socket as locally running SSH agents typically\ndo and you instruct your SSH client to use `agentyesno` as the agent. With\nOpenSSH, this would mean setting your `$SSH_AUTH_SOCK` to point at `agentyesno`'s\nlistening socket on the filesystem, perhaps like this:\n\n    $ export SSH_AUTH_SOCK=\"$(agentyesno -printlisten)\"\n\nIf you don't wish to make the change persist in the shell session, you can set\nthe value for a single program execution:\n\n    $ SSH_AUTH_SOCK=\"$(agentyesno -printlisten)\" ssh user@host\n\nSomewhere on the background and easily reachable, perhaps in a different\nterminal window or a tmux pane, you would have `agentyesno` ready and waiting\nfor agent requests:\n\n    $ agentyesno\n\n`agentyesno` will default to finding your real agent via `$SSH_AUTH_SOCK`. You\nmay also set the listening socket and real agent paths with `-listen` and\n`-agent`, respectively.\n\nFor more instructions, see the program code and the help:\n\n    $ agentyesno -h\n\n# How to install?\n\nIf you have a Go toolchain installed, you can install the latest tagged version of\n`agentyesno` by invoking\n\n    $ go install github.com/susji/agentyesno@latest\n\nAlternatively, [here](https://github.com/susji/agentyesno/releases) you will\nfind pre-built binaries for several architectures and UNIX-like platforms.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsusji%2Fagentyesno","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsusji%2Fagentyesno","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsusji%2Fagentyesno/lists"}