On Thu, Oct 15, 2015 at 07:02:58PM -0400, Nico Kadel-Garcia wrote:
> On Thu, Oct 15, 2015 at 10:34 AM, hubert depesz lubaczewski
> <depesz@xxxxxxxxxx> wrote:
> > Hi,
> >
> > I'm in a situation where I'm using multiple SSH keys, each to connect to
> > a different set of servers.
> >
> > I can't load/unload keys on demand, as I usually am connected to at
> > least 2 of such sets.
>
> I *just* went through some of this, to distinguish between github SSH
> "deploykeys" and my personal key when connected to a remote server for
> which I may wish to publish updates to github.
>
> I personally now set up a .ssh/config with "Host" entries specified
> for different services and different "IdentityFile" services, to
> ensure use of one local key or the other for a particular "Host" as
> designated in .ssh/config. This does not require a real CNAME or valid
> DNS for the target host, and lends itself well to automated services
> where one upstream git repo requires a different SSH key than another.
>
> This does mean a private key on the server, which is its own risk. But
> for automated, unattended git deployment, you make tradeoffs.

So it's unacceptable for me - I have to have access to production
servers - access to them, without password, from jump host, shouldn't be
possible, but we can use ssh agent - which solves the problem.

But the flip side is that using agent opens access to all keys in it
from any connected host :(

depesz
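
The per-"Host" key selection described in the quoted reply, next to one way to limit what a forwarded agent exposes, as an added example that is not part of the original thread. Every alias, host name, key file and socket path is constructed; it assumes a client with `IdentityAgent` (OpenSSH 7.3 or later) and with `ForwardAgent` accepting a socket path (OpenSSH 8.2 or later).

```sshconfig
# ~/.ssh/config (constructed example; names and paths are placeholders)

# Weak pattern, shown commented out: one agent holding every key,
# forwarded to every host, so any connected host can use all of them.
# Host *
#     ForwardAgent yes

# Two aliases for the same server, each pinned to one key.
# "git clone github-deploy:org/repo.git" offers only the deploy key.
Host github-deploy
    HostName github.com
    User git
    IdentityFile ~/.ssh/id_ed25519_deploy
    IdentitiesOnly yes          # do not offer other keys from the agent

Host github-personal
    HostName github.com
    User git
    IdentityFile ~/.ssh/id_ed25519_personal
    IdentitiesOnly yes

# One agent per server set. Each agent is started separately, for example
# "ssh-agent -a /run/user/1000/agent-set-a.sock", and holds only that
# set's keys. The jump host for set A authenticates with, and is
# forwarded, only that agent.
Host jump-a
    HostName jump-a.example.net
    IdentityAgent /run/user/1000/agent-set-a.sock
    ForwardAgent /run/user/1000/agent-set-a.sock

Host jump-b
    HostName jump-b.example.net
    IdentityAgent /run/user/1000/agent-set-b.sock
    ForwardAgent /run/user/1000/agent-set-b.sock

# Default for everything else. ssh uses the first value it finds for each
# option, so this catch-all block goes last.
Host *
    ForwardAgent no
```

`ssh -G jump-a` prints the options that would apply to that alias, which is a quick way to confirm which agent socket and identity files are in effect before connecting.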