Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature Request: More flexible policy life span #16

Open
yookoala opened this issue Jan 5, 2018 · 1 comment
Open

Feature Request: More flexible policy life span #16

yookoala opened this issue Jan 5, 2018 · 1 comment

Comments

@yookoala
Copy link
Contributor

yookoala commented Jan 5, 2018
edited
Loading

Right now, it seems the guardian-agent only support global policies. Either you trust the intermediate server once, forever (on host or on everything) or you don't.

It would be nice to have temporary policies of more flexible trust life span, such as:

  1. Session: Much like cookie. It lives only as long as the sga-guard process's life.
  2. Five minutes in Session: It expires in 5 minutes or when sga-guard process ended (whichever shorter).
  3. One month: The policy stores with an expiration date. When expire, sga-guard will discard the policy.
@rachidbch
Copy link

I fully second this. Allowing once is clearly impratical.

I run guardian-agent on a local terminal and ssh (with mosh) to a server where dev is done.
Each time I git push, I have to wait for the prompt for a full second, answer '2' for 'Allow once', wait another full second answer another '2' ...
The only other option is to allow forever which is no better than standard ssh agent forward ...
Keep on the (very) good work guys!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@yookoala @rachidbch