On Wed, Sep 30, 2020 at 03:35:43PM +1000, Damien Miller <djm@xxxxxxxxxxx> wrote:

> On Wed, 30 Sep 2020, raf wrote:
>
> > Hi,
> >
> > I have a VM with a git repository whose origin is on
> > github. I have several keys known to github, so I needed
> > to set git's core.sshcommand config parameter in the
> > repository to something like this:
> >
> >   ssh -i ~/.ssh/id_ed25519_github2
> >
> > But it meant that I needed to copy that key to the VM.
> > The same key is available via my forwarded ssh-agent
> > connection. Is it possible to tell ssh to use that
> > instead of the key in a file? The documentation for the
> > -i option only mentions files.
>
> ssh will read the public key (id_ed25519_github2.pub) to identify the key
> before it tries to use the private key (id_ed25519_github2). If the private
> key is available in the agent then it will never try to use the private key
> file.
>
> Summary: copy id_ed25519_github2.pub to your VM and the above command will
> work.
>
> -d

Hi Damien,

Thanks. That's brilliant. It should get a mention in the manpage.
I've attached a patch for ssh.1.

However, I've just tried it and it didn't work for me. :-(

  $ git config core.sshcommand
  ssh -i ~/.ssh/id_ed25519_github2
  $ ls -l ~/.ssh/id*
  -rw-r--r-- 1 raf raf 110 Dec 19 2019 /home/raf/.ssh/id_ed25519_github2.pub
  $ cat ~/.ssh/id_ed25519_github2.pub
  ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHrmJ0gYTmZlilDBB/BsyOHqOT354aDLWgULmMPXRkJK user@xxxxxxxxxx
  $ ssh-add -L
  ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHrmJ0gYTmZlilDBB/BsyOHqOT354aDLWgULmMPXRkJK user@xxxxxxxxxx
  [...]
  $ git pull
  Warning: Identity file /home/raf/.ssh/id_ed25519_aps_github not accessible: No such file or directory.
  ERROR: Repository not found.
  [...]
  $ ssh -V
  OpenSSH_7.4p1 Debian-10+deb9u7, OpenSSL 1.0.2u 20 Dec 2019

Perhaps this version of ssh is too old for this to work?

Regards,
Robert
diff --git a/ssh.1 b/ssh.1 index 55531788..25cbf99c 100644 --- a/ssh.1 +++ b/ssh.1 @@ -297,6 +297,14 @@ It is possible to have multiple .Fl i options (and multiple identities specified in configuration files). +If the private key is in +.Xr ssh-agent 1 +rather than in a file, +.Nm +will try to load the public key from the filename +obtained by appending +.Pa .pub +to identify the corresponding private key in the agent. If no certificates have been explicitly specified by the .Cm CertificateFile directive,
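Review bot: In the added sentence of the ssh.1 hunk, "obtained by appending .Pa .pub" never says what .pub is appended to, and the trailing "to identify the corresponding private key in the agent" reads as if it modified "appending" rather than "load the public key". Suggest naming the identity filename given to .Fl i explicitly and splitting the purpose into its own clause, for example "will try to load the public key from the filename obtained by appending .pub to the identity filename, and use it to select the matching key in the agent". It would also help to state that in this case only the .pub file has to exist on disk, since that is the point a reader looking to avoid copying a private key needs. The accompanying message reports that the behaviour did not work with OpenSSH_7.4p1, so the text should be checked against the versions it is meant to describe before it goes in.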
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev