SSH agent extensions are really powerful.<p>I'm maintaining a crate for writing your own agents (and clients) and just recently added an example of providing decryption over extensions [0] which, coupled with the other examples, allows using an SSH agent as a proxy between OpenPGP Card devices (e.g. Yubikeys) and OpenPGP encrypted data.<p>[0]: <a href="https://github.com/wiktor-k/ssh-agent-lib/pull/70">https://github.com/wiktor-k/ssh-agent-lib/pull/70</a><p>Got some really positive feedback about this one: <a href="https://chaos.social/@Foxboron/112416348981479022" rel="nofollow">https://chaos.social/@Foxboron/112416348981479022</a> ;)<p>> Windows didn't really do Unix sockets until recently so everything there is awful<p>Sadly the support for Unix sockets on Windows in Rust's standard lib is stuck in limbo: <a href="https://github.com/rust-lang/libs-team/issues/271">https://github.com/rust-lang/libs-team/issues/271</a><p>Fortunately the built-in Windows SSH client and agent work over Named Pipes and it's quite easy to communicate with them that way: <a href="https://github.com/wiktor-k/ssh-agent-lib#agent">https://github.com/wiktor-k/ssh-agent-lib#agent</a>
I've done the same with <a href="https://github.com/42wim/ssh-agentx/">https://github.com/42wim/ssh-agentx/</a>
Originally used to sign git commits with PGP in the SSH agent, before SSH git commit signing was a thing.<p>Nowadays, I'm using it for signing code remotely on a server with a Yubikey on the local laptop. (needs a patched relic - <a href="https://github.com/42wim/relic/tree/sshtoken">https://github.com/42wim/relic/tree/sshtoken</a>)<p>Also works with Windows as it uses <a href="https://github.com/buptczq/WinCryptSSHAgent">https://github.com/buptczq/WinCryptSSHAgent</a> that did the hard work to get it to talk with almost everything that exists in Windows/WSL/PuTTY etc.
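<p>Both comments above build on the agent protocol's extension request. As an added example (not code from ssh-agent-lib, ssh-agentx or either commenter), this shows how that request is framed on the wire and parsed with bounds checks on the agent side. The extension name `decrypt@example.com`, the `MAX_FRAME` cap and the function names are hypothetical.

```rust
// Added example: framing of an SSH agent extension request as described in
// draft-miller-ssh-agent. Names and the size cap below are assumptions.
const SSH_AGENTC_EXTENSION: u8 = 27;
const MAX_FRAME: usize = 256 * 1024; // assumed upper bound on one message

/// Append an SSH `string`: uint32 big-endian length, then the bytes.
fn put_string(out: &mut Vec<u8>, s: &[u8]) {
    out.extend_from_slice(&(s.len() as u32).to_be_bytes());
    out.extend_from_slice(s);
}

/// Build: uint32 frame length || byte 27 || string name || payload.
fn encode_extension(name: &str, payload: &[u8]) -> Vec<u8> {
    let mut body = vec![SSH_AGENTC_EXTENSION];
    put_string(&mut body, name.as_bytes());
    body.extend_from_slice(payload);
    let mut frame = (body.len() as u32).to_be_bytes().to_vec();
    frame.extend_from_slice(&body);
    frame
}

/// Read a big-endian uint32 at `at`, or None if the buffer is too short.
fn read_u32(buf: &[u8], at: usize) -> Option<usize> {
    let b = buf.get(at..at.checked_add(4)?)?;
    Some(u32::from_be_bytes([b[0], b[1], b[2], b[3]]) as usize)
}

/// Parse one complete frame into (extension name, payload).
/// Any length field that disagrees with the buffer yields None.
fn parse_extension(frame: &[u8]) -> Option<(String, Vec<u8>)> {
    let len = read_u32(frame, 0)?;
    if len == 0 || len > MAX_FRAME || frame.len() != 4 + len {
        return None;
    }
    let body = &frame[4..];
    if body[0] != SSH_AGENTC_EXTENSION {
        return None;
    }
    let name_len = read_u32(body, 1)?;
    let name = body.get(5..5usize.checked_add(name_len)?)?;
    let name = std::str::from_utf8(name).ok()?.to_string();
    Some((name, body[5 + name_len..].to_vec()))
}

fn main() {
    // Constructed sample: hypothetical extension name and opaque payload.
    let frame = encode_extension("decrypt@example.com", b"ciphertext");
    println!("{:?}", parse_extension(&frame));
}
```

An agent that does not recognise the parsed name should answer with a failure message rather than guess at the payload layout.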