Long-lived SSH agent daemon.
Implements the server side of the SSH agent wire protocol on top of
ssh_agent_lib. Keys are held in-memory only, wrapped in types that
zeroize on drop; nothing is ever persisted to disk.
§Transports
- Unix — binds a Unix domain socket at `config.socket_path` with mode `0600`. `SIGTERM` and `SIGINT` trigger graceful shutdown.
- Windows — creates a named pipe at `config.socket_path` (conventionally `\\.\pipe\gitway-agent`). `Ctrl+C` triggers graceful shutdown; the pipe object is released automatically when the server handle drops.
On shutdown the stored keys are zeroed via KeyStore’s Drop, the
pid file is removed, and (on Unix) the socket inode is unlinked.
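The Unix transport's two security-relevant details, the `0600` socket mode and unlinking the inode on shutdown, in a small self-contained form. This is an added illustration written for this page, not the crate's `run` implementation; `AgentSocket` and its methods are hypothetical names, and it uses only `std` (the real daemon runs on an async runtime and also handles `SIGTERM`/`SIGINT`).

```rust
use std::fs;
use std::io;
use std::os::unix::fs::PermissionsExt;
use std::os::unix::net::UnixListener;
use std::path::{Path, PathBuf};

/// Agent listening socket bound with owner-only permissions.
/// Dropping it unlinks the socket inode, mirroring the shutdown
/// behaviour described for the Unix transport.
pub struct AgentSocket {
    path: PathBuf,
    listener: UnixListener,
}

impl AgentSocket {
    /// Bind `path`, replacing a stale inode left by an unclean shutdown,
    /// and restrict it to mode 0600 so only the owning user can connect.
    pub fn bind(path: &Path) -> io::Result<Self> {
        // A leftover socket file from a crashed instance makes bind() fail
        // with EADDRINUSE even though nobody is listening on it.
        if fs::symlink_metadata(path).is_ok() {
            fs::remove_file(path)?;
        }
        let listener = UnixListener::bind(path)?;
        // Tighten permissions immediately after bind: the inode is created
        // under the process umask, which may be wider than 0600, and any
        // local user able to connect could ask the agent to sign with every
        // loaded key.
        fs::set_permissions(path, fs::Permissions::from_mode(0o600))?;
        Ok(Self { path: path.to_path_buf(), listener })
    }

    /// Permission bits of the socket inode, for a startup self-check.
    pub fn mode(&self) -> io::Result<u32> {
        Ok(fs::metadata(&self.path)?.permissions().mode() & 0o777)
    }

    /// The accept loop would consume this listener.
    pub fn listener(&self) -> &UnixListener {
        &self.listener
    }
}

impl Drop for AgentSocket {
    fn drop(&mut self) {
        // Best-effort cleanup, matching unlink-on-shutdown; the error is
        // ignored because there is nothing useful to do about it at exit.
        let _ = fs::remove_file(&self.path);
    }
}

fn main() -> io::Result<()> {
    // Constructed path for the demo; the daemon uses config.socket_path.
    let path = std::env::temp_dir().join(format!("gitway-agent-{}.sock", std::process::id()));
    let sock = AgentSocket::bind(&path)?;
    println!("listening on {} with mode {:o}", path.display(), sock.mode()?);
    Ok(())
}
```

A real deployment usually places the socket inside a directory that is itself `0700`, which closes the short window between `bind` and `set_permissions` during which the umask-derived mode applies.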
§Signing support
The daemon accepts Add for keys of every algorithm Gitway’s
keygen can produce (Ed25519, ECDSA P-256/384/521, RSA 2048..16384)
and signs with all of them. Ed25519 and the three ECDSA curves go
through ssh-key’s built-in Signer<Signature> trait; RSA routes
directly to rsa::pkcs1v15::SigningKey<ShaN> with the digest picked
from SignRequest.flags — rsa-sha2-512 when RSA_SHA2_512 is set,
rsa-sha2-256 when RSA_SHA2_256 is set. Requests with neither
flag (legacy SHA-1 ssh-rsa) are rejected: OpenSSH 8.2+ and modern
Git hosts always request SHA-2.
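The RSA digest selection and the legacy-SHA-1 rejection described above, as an added example that is not the crate's own code. The flag values `SSH_AGENT_RSA_SHA2_256 = 0x02` and `SSH_AGENT_RSA_SHA2_512 = 0x04` are taken from draft-miller-ssh-agent; the function and type names are hypothetical, and the actual PKCS#1 v1.5 signing (which the daemon routes to `rsa::pkcs1v15::SigningKey<ShaN>`) is passed in as a closure so the dispatch logic can run without the `rsa` crate.

```rust
/// Flag bits carried in SSH_AGENTC_SIGN_REQUEST (draft-miller-ssh-agent).
pub const SSH_AGENT_RSA_SHA2_256: u32 = 0x02;
pub const SSH_AGENT_RSA_SHA2_512: u32 = 0x04;

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum RsaDigest {
    Sha256,
    Sha512,
}

impl RsaDigest {
    /// Signature algorithm name placed in the signature blob.
    pub fn algorithm_name(self) -> &'static str {
        match self {
            RsaDigest::Sha256 => "rsa-sha2-256",
            RsaDigest::Sha512 => "rsa-sha2-512",
        }
    }
}

#[derive(Debug, PartialEq, Eq)]
pub enum SignError {
    /// Neither SHA-2 flag set: the client asked for legacy ssh-rsa (SHA-1).
    LegacySha1Rejected,
}

/// Pick the RSA digest from the request flags: SHA-512 when RSA_SHA2_512 is
/// set (it wins if both are set), SHA-256 when only RSA_SHA2_256 is set,
/// and a request with neither flag is refused rather than signed with SHA-1.
pub fn select_rsa_digest(flags: u32) -> Result<RsaDigest, SignError> {
    if flags & SSH_AGENT_RSA_SHA2_512 != 0 {
        Ok(RsaDigest::Sha512)
    } else if flags & SSH_AGENT_RSA_SHA2_256 != 0 {
        Ok(RsaDigest::Sha256)
    } else {
        Err(SignError::LegacySha1Rejected)
    }
}

/// SSH "string" encoding: uint32 big-endian length followed by the bytes.
fn put_string(out: &mut Vec<u8>, data: &[u8]) {
    out.extend_from_slice(&(data.len() as u32).to_be_bytes());
    out.extend_from_slice(data);
}

/// Build the signature blob returned in SSH_AGENT_SIGN_RESPONSE:
/// string algorithm-name || string raw-signature (RFC 4253 section 6.6).
pub fn encode_signature_blob(digest: RsaDigest, raw_sig: &[u8]) -> Vec<u8> {
    let mut out = Vec::new();
    put_string(&mut out, digest.algorithm_name().as_bytes());
    put_string(&mut out, raw_sig);
    out
}

/// Full RSA sign-request path: choose the digest from `flags`, invoke the
/// caller-supplied signer (stand-in for the PKCS#1 v1.5 SigningKey), and
/// wrap the result in the wire-format blob.
pub fn handle_rsa_sign_request<F>(flags: u32, data: &[u8], sign: F) -> Result<Vec<u8>, SignError>
where
    F: FnOnce(RsaDigest, &[u8]) -> Vec<u8>,
{
    let digest = select_rsa_digest(flags)?;
    let raw = sign(digest, data);
    Ok(encode_signature_blob(digest, &raw))
}

fn main() {
    // Constructed stand-in signer: echoes the data instead of signing it.
    let echo = |_d: RsaDigest, m: &[u8]| m.to_vec();
    match handle_rsa_sign_request(0, b"session-id", echo) {
        Ok(_) => println!("unexpected: SHA-1 request accepted"),
        Err(e) => println!("rejected legacy request: {:?}", e),
    }
}
```

Rejecting the no-flag case is what keeps the agent from ever producing an `ssh-rsa` (SHA-1) signature, even for an old client that still asks for one.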
§Example
```rust
use std::path::PathBuf;
use anvil_ssh::agent::daemon::{AgentDaemonConfig, run};

// Runs inside an async context whose error type accepts `run`'s error.
let cfg = AgentDaemonConfig {
    socket_path: PathBuf::from("/tmp/gitway-agent.sock"),
    pid_file: None,
    default_ttl: None,
};
run(cfg).await?;
```
§Structs
- `AgentDaemonConfig` — Configuration for `run`.
§Functions
- `run` — Runs the agent daemon until a termination signal arrives.