On Wed, Sep 30, 2020 at 07:45:20PM +1000, Damien Miller <djm@xxxxxxxxxxx> wrote:

> On Wed, 30 Sep 2020, raf wrote:
>
> > Thanks. That's brilliant.
> > It should get a mention in the manpage.
> > I've attached a patch for ssh.1.
> >
> > However, I've just tried it and it didn't work for me. :-(
> >
> >   $ git config core.sshcommand
> >   ssh -i ~/.ssh/id_ed25519_github2
>
> Personally, I find it easier to use ~/.ssh/config for this sort of
> configuration:
>
> Host github.com
> 	User git
> 	IdentityFile ~/.ssh/id_ed25519_github2
> 	IdentitiesOnly yes # Don't use other keys in agent or on disk
>
> You can then also "ssh -vvv github.com true" to see what is going wrong.
>
> -d

I'd agree in general, but not in this instance. Since I have multiple github accounts and hence multiple keys for that user/server combination, each one leading to a different github account, I would also have to create a server name alias for each key, and put configurations for each of them in the config file. Just running a git config command per repository, and keeping the config with the repository, seems simpler to me.

Also, I don't think that your example would actually solve my problem, which is the desire to get the key from the agent rather than from a file on disk. Your example above explicitly prevents ssh from using the agent with "IdentitiesOnly yes".

Does this mean that your original suggestion doesn't work, even on later versions of ssh?

New question: If I do create a key-specific hostname alias for each of my github accounts in the ~/.ssh/config file, can I do it in the config file that is where my private keys are (and will that config be forwarded to the VM), or would this config need to be local to the VM? I expect that config settings probably wouldn't be forwarded via the agent. If this config has to be local to the VM, I still don't know how to tell it to get the specified key from the agent.

I suppose I can put up with having the private key in the VM. It's on a laptop where the private key is anyway. It's just that I had to delete it before exporting the VM to send to someone else. But I can put it back.

But if anyone does implement your original suggestion, that would be great for anyone with multiple github accounts.

An alternative would be to change IdentityFile to also accept a fingerprint/hash/keygrip, or add a new config parameter IdentityKey which takes a fingerprint/hash/keygrip argument to make it clear that the key could come from the agent (or an unspecified file). Just a thought.

Thanks for your time and suggestions.

cheers,
raf
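The per-account host alias setup discussed in this message, as an added example that is not part of the original post or of the OpenSSH documentation. The alias names, the `id_ed25519_github1.pub` file name and the `OWNER/REPO` path are hypothetical; it relies on the ssh_config(5) behaviour that `IdentityFile` may name a public key file whose private half is held by ssh-agent, so only the `.pub` files need to exist on the machine where ssh runs.

```sshconfig
# ~/.ssh/config on the machine where git and ssh actually run (here, the VM).
# ssh reads only its local configuration; a forwarded agent carries keys,
# not settings, so these stanzas must live on the VM itself.

# First account (alias and file name are hypothetical).
Host github-acct1
	HostName github.com
	User git
	# Public key file only: ssh asks the agent to sign with the matching
	# private key, which never has to be copied onto this machine.
	IdentityFile ~/.ssh/id_ed25519_github1.pub
	# Offer only the identity named above, even if the agent holds more keys.
	IdentitiesOnly yes

# Second account, using the key name from the thread plus ".pub".
Host github-acct2
	HostName github.com
	User git
	IdentityFile ~/.ssh/id_ed25519_github2.pub
	IdentitiesOnly yes

# The .pub files can be recreated from a running agent:
#   ssh-add -L        (prints every public key the agent holds, one per line)
#
# Per repository, point the remote at the alias for the account that owns it:
#   git remote set-url origin git@github-acct2:OWNER/REPO.git
#
# Check which key is offered for an alias:
#   ssh -vvv github-acct2 true
```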