Add ssh.forwardAgent setting to Connect
#46798
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
github-actions
bot
requested review from
flyinghermit,
kimlisa,
kiosion,
mmcallister,
ptgott,
r0mant,
rudream,
ryanclark,
xinding33 and
zmb3
ravicious
removed request for
r0mant,
mmcallister,
zmb3,
ryanclark,
flyinghermit,
xinding33,
ptgott,
kiosion,
kimlisa and
rudream
|
🤖 Vercel preview here: https://docs-mkb0sx1m2-goteleport.vercel.app/docs/ver/preview |
gzdunek
approved these changes
Sep 20, 2024
gzdunek
reviewed
Sep 20, 2024
| @@ -478,6 +478,7 @@ Below is the list of the supported config properties. | |||
| | `keymap.openSearchBar` | `Command+K` on macOS<br/>`Ctrl+Shift+K` on Windows/Linux | Shortcut to open the search bar. | | |||
| | `headless.skipConfirm` | false | Skips the confirmation prompt for Headless WebAuthn approval and instead prompts for WebAuthn immediately. | | |||
| | `ssh.noResume` | false | Disables SSH connection resumption. | | |||
| | `ssh.forwardAgent` | true | Enables agent forwarding. | | |||
There was a problem hiding this comment.
The description here is different than in appConfigSchema. Was it done intentionally?
There was a problem hiding this comment.
I just wanted to keep it short after I saw how short it is for ssh.noResume. 🥲
ptgott
approved these changes
Sep 20, 2024
avatus
approved these changes
Sep 20, 2024
|
@ravicious See the table below for backport results.
|
This was referenced Sep 24, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
In gravitational/webapps#1366, we made it so that Connect always passes
--forward-agentto fix #18320 – before that it was impossible to use agent forwarding in Connect.When investigating an issue with gpg-agent, after a short discussion we decided to turn it into an opt-in config option instead.
However, technically it'd be a breaking change, so this is split into two PRs. The first one is going to add
ssh.forwardAgentthat defaults to true (to keep backwards compatibility) and is going to be backported to v15 and v16. The next PR (#46799) is going to change the default to false and it will be released in v17.0.0.Fortunately thanks to the already existing
ssh.noResumewe have an established pattern for selecting flags to pass totsh sshbased on the config of Connect. v14 doesn't have that config option, so I'm not backporting to v14.changelog: Added a new config option in Teleport Connect to control SSH agent forwarding (
ssh.forwardAgent); starting in Teleport Connect v17, this option will be disabled by default