ability to select which identity to forward when using "ForwardAgent" ?

Pablo Escobar pescobar001 at gmail.com
Sun Oct 4 21:20:18 AEDT 2020


Hi,

I usually have around 10 identities loaded in my local ssh-agent and when I
use the "ForwardAgent" option all of them are forwarded to the remote server,
which is not ideal. I usually only need to forward one (or two) of the
identities and I would like to be able to choose which one(s) to forward.

Looking for solutions it seems that the only option is to create a new
ssh-agent, add the required identities and then do the forwarding as
described in https://serverfault.com/a/1012678 but this is not very
convenient for daily usage mainly when I need to connect to many different
servers and all my private keys are password protected.

I have also found an external tool to do it (
https://github.com/tiwe-de/ssh-agent-filter ) but this tool doesn't seem to
be actively maintained and a native openssh functionality would be
preferred.

Ideally it would be great to be able to add something like this to my
~/.ssh/config ( option "IdentitiesToForward" in this example doesn't exist
and it's what I am missing)

Host myserver
    Hostname myserver.com
    IdentityFile ~/.ssh/id_ed25519
    ForwardAgent yes
    IdentitiesToForward ~/.ssh/id_ed25519,~/.ssh/id_rsa

Do you think this feature or any alternative providing similar
functionality could be added to openssh?

Or is there any existing alternative to do it which I missed when checking the
docs?

thanks in advance for any help or advice.
best regards,
Pablo.
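
The workaround the message refers to (a separate agent holding only the keys to forward), as an added shell example that is not part of the original post or of OpenSSH. It assumes OpenSSH 8.2 or later, where `ForwardAgent` accepts an agent socket path; the function names and the `SCOPED_AGENT_TTL` variable are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes OpenSSH >= 8.2.

# start_scoped_agent KEY...
# Starts a second agent on a private socket, loads only KEY..., and prints
# "<pid> <socket>". The body runs in a subshell, so the caller's own
# SSH_AUTH_SOCK (the agent with all identities) is left untouched.
start_scoped_agent() (
    dir=$(mktemp -d) || exit 1                  # directory is created mode 0700
    out=$(ssh-agent -s -a "$dir/agent.sock") || { rm -rf "$dir"; exit 1; }
    eval "$out" >/dev/null                      # SSH_AUTH_SOCK/SSH_AGENT_PID, subshell only
    for key in "$@"; do
        # -t bounds how long the forwarded key stays usable in this agent.
        ssh-add -q -t "${SCOPED_AGENT_TTL:-3600}" "$key" >&2 || {
            kill "$SSH_AGENT_PID" 2>/dev/null
            rm -rf "$dir"
            exit 1                              # fail closed: no partial agent left behind
        }
    done
    printf '%s %s\n' "$SSH_AGENT_PID" "$SSH_AUTH_SOCK"
)

# stop_scoped_agent PID SOCKET
stop_scoped_agent() {
    kill "$1" 2>/dev/null || :
    rm -f "$2"
    rmdir "$(dirname "$2")" 2>/dev/null || :
}

# ssh_scoped HOST KEY...
# Authenticates with the normal agent, but the remote side only reaches the
# scoped agent, so it can request signatures from KEY... and nothing else.
ssh_scoped() {
    host=$1; shift
    info=$(start_scoped_agent "$@") || return 1
    pid=${info%% *}; sock=${info#* }
    ssh -o "ForwardAgent=$sock" "$host"
    rc=$?
    stop_scoped_agent "$pid" "$sock"
    return "$rc"
}

# Usage, with the host and key from the message:
#   ssh_scoped myserver ~/.ssh/id_ed25519
```

Passphrase-protected keys are still prompted for when they are loaded into the scoped agent, which is the inconvenience the message describes.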


More information about the openssh-unix-dev mailing list