Forward only specific identities

Dustin Lundquist dustin at null-ptr.net
Tue Mar 15 04:11:27 AEDT 2016


It's possible to use a proxy to filter the SSH agent connections. I found
this https://github.com/tiwe-de/ssh-agent-filter, but it didn't meet our
exact needs to allow multiple users to share an identity so I implemented
https://github.com/blueboxgroup/sshagentmux.


-Dustin

On Sun, Mar 13, 2016 at 4:14 PM, Darren Tucker <dtucker at zip.com.au> wrote:

> On Sat, Mar 12, 2016 at 8:30 AM, Tim Spriggs <imoverclocked at gmail.com>
> wrote:
> > Hi OpenSSH peeps!
> >
> >   I have looked around a few man pages and the usual sources of
> > information but I can't seem to find a way to only forward specific
> > identities to some hosts. What I would really like to have is a way to
> > only forward the identity that gave me a successful auth:
>
> Right now ssh (which forwards the request to the agent) doesn't
> understand the agent protocol, so it can't differentiate.  It's
> something Damien has mentioned as something we'd like to add but I
> don't know of any concrete plans.
>
> In the meantime, you could use a separate agent for the key in
> question and point $SSH_AUTH_SOCK at the appropriate socket.
>
> --
> Darren Tucker (dtucker at zip.com.au)
> GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
>     Good judgement comes with experience. Unfortunately, the experience
> usually comes from bad judgement.


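The agent-filtering proxy idea from the message above, as an added example that is not part of the original thread and is not code from ssh-agent-filter or sshagentmux: the allow-list check a proxy sitting between the forwarded socket and the real agent could apply to each message. It assumes every complete agent frame has already been read off the socket; the function names and the two sample key blobs are constructed for the illustration.

```python
import struct

# SSH agent protocol message numbers.
SSH_AGENT_FAILURE = 5
SSH_AGENTC_REQUEST_IDENTITIES = 11
SSH_AGENT_IDENTITIES_ANSWER = 12
SSH_AGENTC_SIGN_REQUEST = 13
# Constructed stand-ins for public key blobs; only WORK is to be forwarded.
WORK, HOME = b"constructed-work-key", b"constructed-home-key"

def put_string(b):
    return struct.pack(">I", len(b)) + b

def get_string(buf, off):
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated string")
    return buf[off + 4:off + 4 + n], off + 4 + n

def frame(msg_type, payload=b""):
    # uint32 length (type byte + payload), then the type byte, then the payload
    return struct.pack(">IB", len(payload) + 1, msg_type) + payload

def filter_request(msg, allowed):
    """Client -> agent. Returns (forward_to_agent, reply_to_client)."""
    mtype, body = msg[4], msg[5:]
    if mtype == SSH_AGENTC_REQUEST_IDENTITIES:
        return msg, None
    if mtype == SSH_AGENTC_SIGN_REQUEST:
        try:
            blob, _ = get_string(body, 0)  # first field is the key blob
        except (ValueError, struct.error):
            blob = None
        if blob in allowed:
            return msg, None
    # Unlisted key, malformed request, or any other operation: refuse locally.
    return None, frame(SSH_AGENT_FAILURE)

def filter_reply(msg, allowed):
    """Agent -> client. Trims the identity list; other replies pass through."""
    if msg[4] != SSH_AGENT_IDENTITIES_ANSWER:
        return msg
    body, off, kept = msg[5:], 4, []
    for _ in range(struct.unpack_from(">I", body, 0)[0]):
        blob, off = get_string(body, off)
        comment, off = get_string(body, off)
        if blob in allowed:
            kept.append(put_string(blob) + put_string(comment))
    payload = struct.pack(">I", len(kept)) + b"".join(kept)
    return frame(SSH_AGENT_IDENTITIES_ANSWER, payload)
```

Hiding a key from the identity list is not enough on its own, which is why sign requests are checked against the same allow-list: a remote host that already knows a public key blob can ask for a signature without listing identities first.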