Oddness with agent forwarding and -i
Roumen Petrov
openssh at roumenpetrov.info
Thu May 13 16:41:39 EST 2004
Did you test the OpenSSH 3.8.1x ssh flag IdentitiesOnly?
Please see the ssh_config(5) man page for the option IdentitiesOnly.
Sample ~/.ssh/config:
=======================================
Host host1
    IdentitiesOnly yes
    IdentityFile ~/.ssh/id1
Host host2
    IdentitiesOnly yes
    IdentityFile ~/.ssh/id2
=======================================
Note: with a config like the one above you can skip the -i flag.
For versions before 3.8.1x I suggest a workaround:
1.) for one ssh command in interactive mode, for example:
$ ssh-agent scp -i ...
2.) for many ssh commands, start a new shell in interactive mode as follows:
$ ssh-agent /bin/sh
... enter commands
...
$ CTRL+D
3.) if you use a shell script, run it as follows:
$ ssh-agent myscript.sh
Enjoy ;-)
Thomas Baden wrote:
>Hey everyone,
>
>I hope this isn't an old issue; I wasn't able to
>locate it in the archives.
>
>I have a number of scripts which make use of ssh -i
>and scp -i, where the target host has the specified
>key in its authorized_keys file with a command=
>override to do immediate processing of the received
>data. This works extremely well, as we are able to
>establish single-function, triggered-action RSA keys
>to toss data from host to host.
>
>Unfortunately, when invoked with a forwarding agent
>present, the agent gets to pass its key(s) before the
>key presented on the command line, which causes all
>the magic to break. I've tried echoing the debug
>output, and it confirms that the agent does indeed get
>first crack at authenticating the connection.
>
>Is this expected behaviour, or should the presence of
>-i on the command line take precedence over the agent?
>
>Cheers,
>-Thomas
>
>
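A way to check an existing client config for the situation discussed in this thread, added here as an example and not part of the original messages: it lists Host blocks that name an IdentityFile but do not set IdentitiesOnly yes, so agent keys could still be offered ahead of the intended single-function key. The function names and the host3/host4 sample entries are constructed for illustration; each Host block is judged in isolation (Host * defaults, Match blocks and Include files are not resolved).

```shell
#!/bin/sh
# Added example: audit an ssh_config read from stdin.
# Prints the pattern of every Host block that sets IdentityFile
# without also setting "IdentitiesOnly yes" in the same block.
audit_identities_only() {
    awk '
    function report() {
        if (host != "" && has_key && !only) print host
    }
    {
        sub(/^[ \t]+/, "")                  # drop leading indentation
        if ($0 == "" || $0 ~ /^#/) next     # skip blanks and comments
        n = match($0, /[ \t=]+/)            # "Keyword value" or "Keyword=value"
        if (n == 0) next
        key = tolower(substr($0, 1, n - 1)) # keywords are case-insensitive
        val = substr($0, n + RLENGTH)
        sub(/[ \t]+$/, "", val)
        if (key == "host") {
            report(); host = val; has_key = 0; only = 0
        } else if (key == "match") {
            report(); host = ""             # Match blocks are not evaluated
        } else if (key == "identityfile") {
            has_key = 1
        } else if (key == "identitiesonly" && tolower(val) == "yes") {
            only = 1
        }
    }
    END { report() }
    '
}

# Constructed sample config (host1 follows the sample in the message above).
demo_config() {
    cat <<'EOF'
Host host1
    IdentitiesOnly yes
    IdentityFile ~/.ssh/id1
Host host2
    IdentityFile ~/.ssh/id2
Host host3
    identitiesonly=yes
    IdentityFile ~/.ssh/id3
Host host4
    User backup
EOF
}

demo_config | audit_identities_only
```

Run it against a real file with `audit_identities_only < ~/.ssh/config`.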