
Commit 07b596d

authored
Allow nodes to use SSH agent forwarding (#2145)
1 parent f3fca83 commit 07b596d


3 files changed

+7
-6
lines changed


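--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,7 @@
 ## Next
 
 - Improved compatibilty of built-in DERP server with clients connecting over WebSocket.
+- Allow nodes to use SSH agent forwarding [#2145](https://github.com/juanfont/headscale/pull/2145)
 
 ## 0.23.0 (2024-09-18)
 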
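--- a/hscontrol/policy/acls.go
+++ b/hscontrol/policy/acls.go
@@ -292,7 +292,7 @@ func (pol *ACLPolicy) CompileSSHPolicy(
 Reject: false,
 Accept: true,
 SessionDuration: 0,
-AllowAgentForwarding: false,
+AllowAgentForwarding: true,
 HoldAndDelegate: "",
 AllowLocalPortForwarding: true,
 }
@@ -401,7 +401,7 @@ func sshCheckAction(duration string) (*tailcfg.SSHAction, error) {
 Reject: false,
 Accept: true,
 SessionDuration: sessionLength,
-AllowAgentForwarding: false,
+AllowAgentForwarding: true,
 HoldAndDelegate: "",
 AllowLocalPortForwarding: true,
 }, nil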
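Review bot: `AllowAgentForwarding: true` is now hard-coded in both the accept action built in CompileSSHPolicy and the check action returned by sshCheckAction, so every SSH rule that accepts a session also permits agent forwarding and a policy author has no way to turn it off. A forwarded agent can be used by anyone with sufficient privilege on the destination node to authenticate as the connecting user elsewhere for as long as the session lasts, which matters most for rules that grant access to shared or less-trusted nodes. The client presumably still has to request forwarding, but the server-side default is worth gating behind a policy or configuration option (none is visible on this page), or at least stating next to the field, e.g. `// Agent forwarding is permitted for every accepted SSH rule; it is not configurable per policy.` Both function bodies start and end outside the hunks shown.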

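--- a/hscontrol/policy/acls_test.go
+++ b/hscontrol/policy/acls_test.go
@@ -3323,7 +3323,7 @@ func TestSSHRules(t *testing.T) {
 SSHUsers: map[string]string{
 "autogroup:nonroot": "=",
 },
-Action: &tailcfg.SSHAction{Accept: true, AllowLocalPortForwarding: true},
+Action: &tailcfg.SSHAction{Accept: true, AllowAgentForwarding: true, AllowLocalPortForwarding: true},
 },
 {
 SSHUsers: map[string]string{
@@ -3334,7 +3334,7 @@ func TestSSHRules(t *testing.T) {
 Any: true,
 },
 },
-Action: &tailcfg.SSHAction{Accept: true, AllowLocalPortForwarding: true},
+Action: &tailcfg.SSHAction{Accept: true, AllowAgentForwarding: true, AllowLocalPortForwarding: true},
 },
 {
 Principals: []*tailcfg.SSHPrincipal{
@@ -3345,7 +3345,7 @@ func TestSSHRules(t *testing.T) {
 SSHUsers: map[string]string{
 "autogroup:nonroot": "=",
 },
-Action: &tailcfg.SSHAction{Accept: true, AllowLocalPortForwarding: true},
+Action: &tailcfg.SSHAction{Accept: true, AllowAgentForwarding: true, AllowLocalPortForwarding: true},
 },
 {
 SSHUsers: map[string]string{
@@ -3356,7 +3356,7 @@ func TestSSHRules(t *testing.T) {
 Any: true,
 },
 },
-Action: &tailcfg.SSHAction{Accept: true, AllowLocalPortForwarding: true},
+Action: &tailcfg.SSHAction{Accept: true, AllowAgentForwarding: true, AllowLocalPortForwarding: true},
 },
 }},
 },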
