It's possible to use a proxy to filter the SSH agent connections. I found this https://github.com/tiwe-de/ssh-agent-filter, but it didn't meet our exact needs to allow multiple users to share an identity so I implemented https://github.com/blueboxgroup/sshagentmux. -Dustin On Sun, Mar 13, 2016 at 4:14 PM, Darren Tucker <dtucker@xxxxxxxxxx> wrote: > On Sat, Mar 12, 2016 at 8:30 AM, Tim Spriggs <imoverclocked@xxxxxxxxx> > wrote: > > Hi OpenSSH peeps! > > > > I have looked around a few man pages and the usual sources of > > information but I can't seem to find a way to only forward specific > > identities to some hosts. What I would really like to have is a way to > > only forward the identity that gave me a successful auth: > > Right now ssh (which forwards the request to the agent) doesn't > understand the agent protocol, so it can't differentiate. It's > something Damien has mentioned as something we'd like to add but I > don't know of any concrete plans. > > In the mean time, you could use a separate agent for the key in > question and point $SSH_AUTH_SOCK at the appropriate socket. > > -- > Darren Tucker (dtucker at zip.com.au) > GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 > Good judgement comes with experience. Unfortunately, the experience > usually comes from bad judgement. > _______________________________________________ > openssh-unix-dev mailing list > openssh-unix-dev@xxxxxxxxxxx > https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev > _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev