ability to select which identity to forward when using "ForwardAgent" ?

Jakob Schürz wertstoffe at schuerz.at
Fri Oct 9 09:27:50 AEDT 2020 

Do you know the ssh-option "IdentityAgent"?

Look in the man-pages.

I wrote in the last days some little scripts to automate all this...
inspired by ssh-ident (you can find on github).
I have to cleanup the code from some personalized stuff, then i can send
a github-link to this thread, where you can define and select easy which
identities are used for which connections.

I'm working with IdenityAgent and a Match-section in ~/.ssh/config


bye

jakob

Am 04.10.20 um 12:20 schrieb Pablo Escobar:
> Hi,
>
> I usually have around 10 identities loaded in my local ssh-agent and when I
> use the "ForwardAgent" option all them are forwarded to the remote server,
> which is not ideal. I usually only need to forward one (or two) of the
> identities and I would like to be able to choose which one(s) to forward.
>
> Looking for solutions it seems that the only option is to create a new
> ssh-agent, add the required identities and then do the forwarding as
> described in https://serverfault.com/a/1012678 but this is not very
> convenient for daily usage mainly when I need to connect to many different
> servers and all my private keys are password protected.
>
> I have also found an external tool to do it (
> https://github.com/tiwe-de/ssh-agent-filter ) but this tool doesn't seem to
> be actively maintained and a native openssh functionality would be
> preferred.
>
> Ideally it would be great to be able to add something like this to my
> ~/.ssh/config ( option "IdentitiesToForward" in this example doesn't exist
> and it's what I am missing)
>
> Host myserver
>      Hostname myserver.com
>      IdentityFile ~/.ssh/id_ed25519
>      ForwardAgent yes
>      IdentitiesToForward ~/.ssh/id_ed25519,~/.ssh/id_rsa
>
> Do you think this feature or any alternative providing similar
> functionality could be added to openssh?
>
> Or is there any existing alternative to do it which I missed checking the
> docs?
>
> thanks in advance for any help or advice.
> best regards,
> Pablo.
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

-- 
lore ipsum

More information about the openssh-unix-dev mailing list