On Sun, Feb 1, 2015 at 2:52 PM, Bill Nugent <whn@xxxxxxxx> wrote:
>
> Howdy,
>
> I'm looking for a way to restrict which ssh keys are forwarded to a
> given remote host because we have several ssh domains. That is, I have
> two keys which I use throughout the day:
> .ssh/network-a-2014-10-12
> .ssh/network-b-2014-11-22

I think the best option is to run two agents, load each network's keys
into its own agent, and run ssh in that agent's context.

> I need to forward my network A key to the ssh gateway host for Network A
> to allow me to log into hosts on the other side of the gateway but I
> can't have the key for Network B forwarded. Similar thing for
> Network B. Deleting and adding is painful at best. I've experimented
> with IdentitiesOnly=yes and IdentityFile but on the network A gateway I
> still see all of my loaded keys including Network B. Is there a way to
> do this already? If not, would a Bugzilla enhancement request be
> welcome? Perhaps requesting something along the lines of:
>
> Host network-a-gateway.example.com
> ForwardIdentity .ssh/network-a-2014-10-12
>
> and allow additional ForwardIdentity lines to allow additional keys.

Maybe a simpler and more secure alternative could be having
AgentEnvironmentKey, or something similar, to enable ssh to use multiple
agents based on the Host's ssh_config entry, so you actually refer to an
agent and not to specific keys that are shared within a single agent.

> Thank you,
> Bill
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev@xxxxxxxxxxx
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
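The two-agent setup suggested in the reply, worked through as an added example (not code from the thread or from OpenSSH): one ssh-agent per network bound to a fixed socket path, and an ssh_config stanza that points each gateway at its network's agent so only that agent's keys are offered and forwarded. It assumes OpenSSH 7.3 or later, which added the IdentityAgent option; the agent directory and the network-b gateway host name are constructed, the key file names are Bill's.

```shell
# Added example: one ssh-agent per ssh "domain", selected per host.
# Assumes OpenSSH 7.3+ (IdentityAgent). AGENT_DIR and the network-b
# gateway name are constructed; the key file names come from the thread.

AGENT_DIR="${AGENT_DIR:-$HOME/.ssh/agents}"

# Socket path of the agent that serves network $1.
agent_sock() {
    printf '%s/%s.sock\n' "$AGENT_DIR" "$1"
}

# Make sure an agent listens on network $1's socket and load key $2 into
# it. Only keys added here can ever be offered or forwarded via this agent.
start_agent() {
    net=$1 key=$2
    sock=$(agent_sock "$net")
    mkdir -p "$AGENT_DIR" && chmod 700 "$AGENT_DIR"
    # ssh-add -l exits 2 when no agent answers on SSH_AUTH_SOCK.
    rc=0
    SSH_AUTH_SOCK=$sock ssh-add -l >/dev/null 2>&1 || rc=$?
    if [ "$rc" -eq 2 ]; then
        rm -f "$sock"
        ssh-agent -a "$sock" >/dev/null   # -a: bind the agent to this path
    fi
    SSH_AUTH_SOCK=$sock ssh-add "$key"
}

# ssh_config stanza: when connecting to gateway $2, use (and forward) only
# network $1's agent. ForwardAgent forwards the agent chosen by IdentityAgent.
config_stanza() {
    printf 'Host %s\n    IdentityAgent %s\n    ForwardAgent yes\n' \
        "$2" "$(agent_sock "$1")"
}

# Check: exactly the identities a gateway on network $1 would see.
list_keys() {
    SSH_AUTH_SOCK=$(agent_sock "$1") ssh-add -l
}

# Usage, e.g. from a shell profile:
#   start_agent network-a "$HOME/.ssh/network-a-2014-10-12"
#   start_agent network-b "$HOME/.ssh/network-b-2014-11-22"
#   { config_stanza network-a network-a-gateway.example.com
#     config_stanza network-b network-b-gateway.example.com; } >> ~/.ssh/config
#   list_keys network-a    # should show only the network A key
```

With both stanzas in place, `ssh network-a-gateway.example.com` never touches the network-b agent, so nothing of network B is reachable from the network A gateway even with forwarding on.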