Filtering which identities are forwarded by ssh-agent to a given host
Ángel González
keisial at gmail.com
Mon Feb 2 06:15:01 AEDT 2015
On 01/02/15 13:52, Bill Nugent wrote:
> Howdy,
>
> I'm looking for a way to restrict which ssh keys are forwarded to a
> given remote host because we have several ssh domains. That is, I have
> two keys which I use throughout the day:
> .ssh/network-a-2014-10-12
> .ssh/network-b-2014-11-22
>
> I need to forward my network A key to the ssh gateway host for Network A
> to allow me to log into hosts on the other side of the gateway but I
> can't have the key for Network B to be forwarded. Similar thing for
> Network B. Deleting and adding is painful at best. I've experimented
> with IdentitiesOnly=yes and IdentityFiles but on the network A gateway I
> still see all of my loaded keys including Network B. Is there a way to
> do this already? If not, would a Bugzilla enhancement request be
> welcome? Perhaps requesting something along the lines of:
In addition to using two agents, you can stop forwarding your keys to
the gateway.
Instead, use a ProxyCommand to locally establish the connection to the
hosts inside (you will pass through the gateway, but the ssh process is
local, and will honor your IdentityFile setting). The problem was that
the IdentityFile was being honored by the ssh at the gateway host; the
agent doesn't have that knowledge.
Cheers
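
The ProxyCommand setup suggested in the reply above, written out as a client-side `~/.ssh/config`. This is an added example, not part of the original message; the host names and domains are placeholders, and only the two key paths come from the thread.

```sshconfig
# Constructed example. Host names below are placeholders; the key
# file names are the two mentioned in the thread.

# Before (the setup being replaced): the agent is forwarded to the
# gateway, so every key loaded in the local agent, Network B's
# included, can be used from the gateway while the session is open.
#Host gateway-a
#    HostName gateway-a.example.com
#    ForwardAgent yes

# After: no agent forwarding anywhere. The gateway only relays a TCP
# stream; authentication to the inner host is done by the local ssh.
Host gateway-a
    HostName gateway-a.example.com
    IdentityFile ~/.ssh/network-a-2014-10-12
    IdentitiesOnly yes
    ForwardAgent no

Host *.net-a.example.com
    # ssh -W asks the gateway to connect stdin/stdout to %h:%p.
    ProxyCommand ssh -W %h:%p gateway-a
    # The local client reads these options, so only the Network A key
    # is offered even when the agent also holds the Network B key.
    IdentityFile ~/.ssh/network-a-2014-10-12
    IdentitiesOnly yes
    ForwardAgent no

# Same pattern for Network B, with its own gateway and key.
Host gateway-b
    HostName gateway-b.example.com
    IdentityFile ~/.ssh/network-b-2014-11-22
    IdentitiesOnly yes
    ForwardAgent no

Host *.net-b.example.com
    ProxyCommand ssh -W %h:%p gateway-b
    IdentityFile ~/.ssh/network-b-2014-11-22
    IdentitiesOnly yes
    ForwardAgent no
```

With forwarding off, an interactive login to either gateway has no `SSH_AUTH_SOCK` set, which is a quick check that no local key is reachable from that host.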