Re: Filtering which identities are forwarded by ssh-agent to a given host

On 01/02/15 13:52, Bill Nugent wrote:
> Howdy,
>
> I'm looking for a way to restrict which ssh keys are forwarded to a
> given remote host because we have several ssh domains.  That is, I have
> two keys which I use throughout the day:
>    .ssh/network-a-2014-10-12
>    .ssh/network-b-2014-11-22
>
> I need to forward my network A key to the ssh gateway host for Network A
> to allow me to log into hosts on the other side of the gateway but I
> can't have the key for Network B to be forwarded.  Similar thing for
> Network B.  Deleting and adding is painful at best.  I've experimented
> with IdentitiesOnly=yes and IdentityFiles but on the network A gateway I
> still see all of my loaded keys including Network B.  Is there a way to
> do this already?  If not, would a Bugzilla enhancement request be
> welcome?  Perhaps requesting something along the lines of:

In addition to using two agents, you can stop forwarding your keys to
the gateway. Instead, use a ProxyCommand to locally establish the
connection to the hosts inside (you will pass through the gateway, but
the ssh process is local, and will honor your IdentityFile setting).
The problem was that the IdentityFile was being honored by the ssh at
the gateway host; the agent doesn't have that knowledge.

Cheers

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
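
The ProxyCommand setup described in the reply above, written out as a
~/.ssh/config fragment. This is an added example, not part of the
original message. The gateway-a/gateway-b aliases and the example.com
host names are assumptions; the key file names are the two from the
quoted question.

```sshconfig
# ~/.ssh/config on the local workstation (added example; host names are assumed).
# ssh uses the first value it finds for each option, so the specific
# Host blocks come before the catch-all "Host *" block.

# Gateways: offer only the matching key and never forward the agent.
Host gateway-a
    HostName gateway-a.example.com        # assumed name
    IdentityFile ~/.ssh/network-a-2014-10-12
    IdentitiesOnly yes
    ForwardAgent no

Host gateway-b
    HostName gateway-b.example.com        # assumed name
    IdentityFile ~/.ssh/network-b-2014-11-22
    IdentitiesOnly yes
    ForwardAgent no

# Hosts behind gateway A: the local ssh tunnels through the gateway with
# "ssh -W" and then authenticates to the inner host itself, so the
# network A key is used from the workstation and is never needed on the gateway.
Host *.net-a.example.com
    ProxyCommand ssh -W %h:%p gateway-a
    IdentityFile ~/.ssh/network-a-2014-10-12
    IdentitiesOnly yes
    ForwardAgent no

# Hosts behind gateway B, same pattern with the network B key.
Host *.net-b.example.com
    ProxyCommand ssh -W %h:%p gateway-b
    IdentityFile ~/.ssh/network-b-2014-11-22
    IdentitiesOnly yes
    ForwardAgent no

# Default for everything else: no agent forwarding unless a block above opts in.
Host *
    ForwardAgent no
```

With this in place, "ssh host1.net-a.example.com" performs both
authentications from the workstation, so no agent socket is created on
either gateway and "ssh-add -l" run there has nothing to list.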



