How to use ssh -i with a key from ssh-agent rather than from a file?

raf ssh at raf.org
Wed Sep 30 18:08:59 AEST 2020


On Wed, Sep 30, 2020 at 03:35:43PM +1000, Damien Miller <djm at mindrot.org> wrote:

> On Wed, 30 Sep 2020, raf wrote:
> 
> > Hi,
> > 
> > I have a VM with a git repository whose origin is on
> > github. I have several keys known to github, so I needed
> > to set git's core.sshcommand config parameter in the
> > repository to something like this:
> > 
> >   ssh -i ~/.ssh/id_ed25519_github2
> > 
> > But it meant that I needed to copy that key to the VM.
> > The same key is available via my forwarded ssh-agent
> > connection. Is it possible to tell ssh to use that
> > instead of the key in a file? The documentation for the
> > -i option only mentions files.
> 
> ssh will read the public key (id_ed25519_github2.pub) to identify the key
> before it tries to use the private key (id_ed25519_github2). If the private
> key is available in the agent then it will never try to use the private key
> file.
> 
> Summary: copy id_ed25519_github2.pub to your VM and the above command will
> work.
> 
> -d

Hi Damien,

Thanks. That's brilliant.
It should get a mention in the manpage.
I've attached a patch for ssh.1.

However, I've just tried it and it didn't work for me. :-(

  $ git config core.sshcommand
  ssh -i ~/.ssh/id_ed25519_github2

  $ ls -l ~/.ssh/id*
  -rw-r--r-- 1 raf raf 110 Dec 19  2019 /home/raf/.ssh/id_ed25519_github2.pub

  $ cat ~/.ssh/id_ed25519_github2.pub
  ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHrmJ0gYTmZlilDBB/BsyOHqOT354aDLWgULmMPXRkJK user at domain.com

  $ ssh-add -L
  ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHrmJ0gYTmZlilDBB/BsyOHqOT354aDLWgULmMPXRkJK user at domain.com
  [...]

  $ git pull
  Warning: Identity file /home/raf/.ssh/id_ed25519_aps_github not accessible: No such file or directory.
  ERROR: Repository not found.
  [...]

  $ ssh -V
  OpenSSH_7.4p1 Debian-10+deb9u7, OpenSSL 1.0.2u  20 Dec 2019

Perhaps this version of ssh is too old for this to work?

Regards,
Robert

-------------- next part --------------
A non-text attachment was scrubbed...
Name: ssh.1.patch
Type: text/x-diff
Size: 517 bytes
Desc: not available
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20200930/d44ec270/attachment.bin>


More information about the openssh-unix-dev mailing list