ssh-agent use in different security domains

Saku Ytti saku at
Tue Oct 25 18:57:18 EST 2011

Consider this topology

                domain1-server1      domain2-server2
                            |                             |
    laptop - domain1-server1 ---- domain2-server1

Laptop has two ssh identities, domain1 and domain2.

I don't wish to store identity locally in any of the servers. As far
as I understand, there isn't any way to limit ssh-agent to allow only
signing domain2 servers with domain2 identity? So Evil Admin of
domain2 could potentially ssh using my domain1 identity to domain1

But need this be so? Couldn't we have something like

cat >> .ssh/config
host *.domain1.*
  Identity permit domain1-key
  Identity deny all

host *.domain2.*
  Identity permit domain2-key
  Identity deny all

Or maybe ssh-agent itself could prompt user: 'domain2-server2 wants me
to sign with identity domain1-key, allow? yes/no, [ ] always?'.

Or is this problem already solved somehow?

More information about the openssh-unix-dev mailing list