On 01/02/15 13:52, Bill Nugent wrote:
Howdy,
I'm looking for a way to restrict which ssh keys are forwarded to a
given remote host because we have several ssh domains. That is, I have
two keys which I use throughout the day:
.ssh/network-a-2014-10-12
.ssh/network-b-2014-11-22
I need to forward my network A key to the ssh gateway host for Network A
to allow me to log into hosts on the other side of the gateway but I
can't have the key for Network B to be forwarded. Similar thing for
Network B. Deleting and adding is painful at best. I've experimented
with IdentitiesOnly=yes and IdentityFiles but on the network A gateway I
still see all of my loaded keys including Network B. Is there a way to
do this already? If not, would a Bugzilla enhancement request be
welcome? Perhaps requesting something along the lines of:
In addition to using two agents, you can stop forwarding your keys to
the gateway.
Instead, use a ProxyCommand to locally establish the connection to the
hosts inside (you will pass through the gateway, but the ssh process is
local, and will honor your IdentityFile setting). The problem was that
the IdentityFile was being honored by the ssh at the gateway host; the
agent doesn't have that knowledge.
Cheers
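
The ProxyCommand approach suggested in the reply above, written out as a client-side `~/.ssh/config`. This is an added example, not part of the original message: the host names and patterns (`gateway-a`, `*.net-a.example.com`, and the B equivalents) are placeholder assumptions, and the key paths are the ones named in the question.

```sshconfig
# Constructed example. Host names and patterns are placeholders;
# key file names are taken from the question.

# What the question describes (agent forwarded, so the gateway can use
# every key loaded in the agent, including the Network B key):
#   Host gateway-a
#       ForwardAgent yes

# --- Network A ---------------------------------------------------------
# Gateway: authenticate with the A key only and expose no agent socket.
Host gateway-a
    HostName gateway-a.example.com
    IdentityFile ~/.ssh/network-a-2014-10-12
    IdentitiesOnly yes
    ForwardAgent no

# Hosts behind the gateway: the local ssh opens a TCP tunnel through the
# gateway ("ssh -W host:port") and does the key exchange itself, so the
# IdentityFile/IdentitiesOnly settings here are the ones that apply.
Host *.net-a.example.com
    ProxyCommand ssh -W %h:%p gateway-a
    IdentityFile ~/.ssh/network-a-2014-10-12
    IdentitiesOnly yes
    ForwardAgent no

# --- Network B ---------------------------------------------------------
Host gateway-b
    HostName gateway-b.example.com
    IdentityFile ~/.ssh/network-b-2014-11-22
    IdentitiesOnly yes
    ForwardAgent no

Host *.net-b.example.com
    ProxyCommand ssh -W %h:%p gateway-b
    IdentityFile ~/.ssh/network-b-2014-11-22
    IdentitiesOnly yes
    ForwardAgent no
```

With this layout `ssh somehost.net-a.example.com` logs in with the Network A key only, and running `ssh-add -l` on either gateway should report that no agent is reachable.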