Filtering which identities are forwarded by ssh-agent to a given host
Bill Nugent
whn at lopi.com
Sun Feb 1 23:52:26 AEDT 2015
Howdy,
I'm looking for a way to restrict which ssh keys are forwarded to a
given remote host because we have several ssh domains. That is, I have
two keys which I use throughout the day:
    .ssh/network-a-2014-10-12
    .ssh/network-b-2014-11-22
I need to forward my network A key to the ssh gateway host for Network A
to allow me to log into hosts on the other side of the gateway but I
can't have the key for Network B to be forwarded. Similar thing for
Network B. Deleting and adding is painful at best. I've experimented
with IdentitiesOnly=yes and IdentityFile but on the network A gateway I
still see all of my loaded keys including Network B. Is there a way to
do this already? If not, would a Bugzilla enhancement request be
welcome? Perhaps requesting something along the lines of:

    Host network-a-gateway.example.com
        ForwardIdentity .ssh/network-a-2014-10-12

and allow additional ForwardIdentity to allow additional keys.
Thank you,
Bill
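
Added example, not part of the original post and not OpenSSH project code: a forwarded agent exposes every key loaded in the agent that SSH_AUTH_SOCK points at, so one way to get the separation asked for above is to run one agent per network and select it per connection. AGENT_DIR and the function names are assumptions made for this sketch; the key and host names are the ones from the post.

```shell
#!/bin/sh
# Added example (not from the original post): one ssh-agent per network.
# AGENT_DIR and all function names are assumptions made for this sketch.
AGENT_DIR="${AGENT_DIR:-$HOME/.ssh/agents}"

# Socket path of the agent dedicated to NETWORK.
agent_sock() { printf '%s/%s.sock\n' "$AGENT_DIR" "$1"; }

# agent_up NETWORK KEYFILE: start that network's agent if needed, load one key.
agent_up() {
    sock=$(agent_sock "$1")
    mkdir -p "$AGENT_DIR" && chmod 700 "$AGENT_DIR" || return 1
    rc=0
    SSH_AUTH_SOCK="$sock" ssh-add -l >/dev/null 2>&1 || rc=$?
    if [ "$rc" -eq 2 ]; then          # 2 = no agent reachable on this socket
        rm -f "$sock"
        ssh-agent -s -a "$sock" >"$AGENT_DIR/$1.env" || return 1
    fi
    SSH_AUTH_SOCK="$sock" ssh-add "$2"
}

# agent_keys NETWORK: list the keys held by (and so forwardable from) this agent.
agent_keys() { SSH_AUTH_SOCK="$(agent_sock "$1")" ssh-add -l; }

# ssh_via NETWORK [ssh args]: connect with only that network's agent forwarded.
ssh_via() {
    net=$1; shift
    SSH_AUTH_SOCK="$(agent_sock "$net")" ssh -A "$@"
}

# agent_down NETWORK: stop the agent started by agent_up.
agent_down() {
    env_file="$AGENT_DIR/$1.env"
    [ -f "$env_file" ] || return 0
    ( . "$env_file" >/dev/null && ssh-agent -k >/dev/null )
    rm -f "$env_file"
}

# Usage with the key and host names from the post:
#   agent_up network-a ~/.ssh/network-a-2014-10-12
#   agent_up network-b ~/.ssh/network-b-2014-11-22
#   ssh_via network-a network-a-gateway.example.com
```

Running `ssh-add -l` on the gateway after `ssh_via network-a ...` should then list only the Network A key, because the Network B key lives in a different agent process.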
More information about the openssh-unix-dev
mailing list