ability to select which identity to forward when using "ForwardAgent" ?
Lars Noodén
lars.nooden at gmx.com
Mon Oct 5 01:32:10 AEDT 2020
On 10/4/20 5:04 PM, Pablo Escobar wrote:
> On Sun, Oct 4, 2020 at 1:37 PM Lars Noodén <lars.nooden at gmx.com> wrote:
>
>> One work-around [1] is to use an alias.
>>
>> alias assh="ssh-agent ssh -o AddKeysToAgent=confirm \
>> -o ForwardAgent=yes"
>>
>> That approach will still respect what's in ssh_config(5) except for the
>> two options it overrides.
>>
>
> Thanks for the suggestion. In a quick test the two drawbacks I found with
> this approach are:
>
> 1) As I start a new agent I have to type the passwords for my private keys
> again even if I already added them to my previously existing agent. When
> using a bastion host with a different private key and the ssh option
> "ProxyJump" or "ProxyCommand" this means typing two passwords.
> 2) bash autocomplete is not working when using an alias. I use autocomplete
> a lot because I have few dozens of hosts entries in my ~/.ssh/config
[snip]
A different work-around would be to script the launching of several
instances ssh-agent(1), a new one for each destination which uses agent
forwarding, each socket with a unique, pre-decided name desginated using
the -a option. That way the sockets would have predictable paths and
the ssh_config(5) entries could thus use the IdentityAgent directive to
point to the relevant socket for each destination.
It's a more complex work-around requiring a little scripting. However,
that way the agents would be more persistent and tab-completion should
continue to work.
/Lars
More information about the openssh-unix-dev
mailing list