// SignatureFlag values as defined in [PROTOCOL.agent] section 5.3. const SignatureFlagReserved = iota


// SignatureFlag values as defined in [PROTOCOL.agent] section 5.3. const SignatureFlagRsaSha256 = iota


// SignatureFlag values as defined in [PROTOCOL.agent] section 5.3. const SignatureFlagRsaSha512 = iota


// ErrExtensionUnsupported indicates that an extension defined in // [PROTOCOL.agent] section 4.7 is unsupported by the agent. Specifically this // error indicates that the agent returned a standard SSH_AGENT_FAILURE message // as the result of a SSH_AGENTC_EXTENSION request. Note that the protocol // specification (and therefore this error) does not distinguish between a // specific extension being unsupported and extensions being unsupported entirely. var ErrExtensionUnsupported = errors.New("agent: extension unsupported")


// Agent represents the capabilities of an ssh-agent. type Agent interface { // List returns the identities known to the agent. List() ([]*Key, error) // Sign has the agent sign the data using a protocol 2 key as defined // in [PROTOCOL.agent] section 2.6.2. Sign(key ssh.PublicKey, data []byte) (*ssh.Signature, error) // Add adds a private key to the agent. Add(key AddedKey) error // Remove removes all identities with the given public key. Remove(key ssh.PublicKey) error // RemoveAll removes all identities. RemoveAll() error // Lock locks the agent. Sign and Remove will fail, and List will empty an empty list. Lock(passphrase []byte) error // Unlock undoes the effect of Lock Unlock(passphrase []byte) error // Signers returns signers for all the known keys. Signers() ([]ssh.Signer, error) }


type ExtendedAgent interface { Agent // SignWithFlags signs like Sign, but allows for additional flags to be sent/received SignWithFlags(key ssh.PublicKey, data []byte, flags SignatureFlags) (*ssh.Signature, error) // Extension processes a custom extension request. Standard-compliant agents are not // required to support any extensions, but this method allows agents to implement // vendor-specific methods or add experimental features. See [PROTOCOL.agent] section 4.7. // If agent extensions are unsupported entirely this method MUST return an // ErrExtensionUnsupported error. Similarly, if just the specific extensionType in // the request is unsupported by the agent then ErrExtensionUnsupported MUST be // returned. // // In the case of success, since [PROTOCOL.agent] section 4.7 specifies that the contents // of the response are unspecified (including the type of the message), the complete // response will be returned as a []byte slice, including the "type" byte of the message. Extension(extensionType string, contents []byte) ([]byte, error) }


// ForwardToAgent routes authentication requests to the given keyring. func ForwardToAgent(client *ssh.Client, keyring Agent) error


// ForwardToRemote routes authentication requests to the ssh-agent // process serving on the given unix socket. func ForwardToRemote(client *ssh.Client, addr string) error


// NewClient returns an Agent that talks to an ssh-agent process over // the given connection. func NewClient(rw io.ReadWriter) ExtendedAgent


// NewKeyring returns an Agent that holds keys in memory. It is safe // for concurrent use by multiple goroutines. func NewKeyring() Agent


// RequestAgentForwarding sets up agent forwarding for the session. // ForwardToAgent or ForwardToRemote should be called to route // the authentication requests. func RequestAgentForwarding(session *ssh.Session) error


// ServeAgent serves the agent protocol on the given connection. It // returns when an I/O error occurs. func ServeAgent(agent Agent, c io.ReadWriter) error