Re: ability to select which identity to forward when using "ForwardAgent" ?

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On Sun, Oct 4, 2020 at 1:37 PM Lars Noodén <lars.nooden@xxxxxxx> wrote:

> One work-around [1] is to use an alias.
>
>   alias assh="ssh-agent ssh -o AddKeysToAgent=confirm \
>         -o ForwardAgent=yes"
>
> That approach will still respect what's in ssh_config(5) except for the
> two options it overrides.
>

Thanks for the suggestion. In a quick test the two drawbacks I found with
this approach are:

1) As I start a new agent I have to type the passwords for my private keys
again even if I already added them to my previously existing agent. When
using a bastion host with a different private key and the ssh option
"ProxyJump" or "ProxyCommand" this means typing two passwords.
2) bash autocomplete is not working when using an alias. I use autocomplete
a lot because I have few dozens of hosts entries in my ~/.ssh/config

In any case this seems the best alternative and I will use this approach by
now. I only wanted to mention the drawbacks I noticed in case this
information is useful for someone else.

Thanks for your advice.

regards,
Pablo.



>
> /Lars
>
> [1] https://vincent.bernat.ch/en/blog/2020-safer-ssh-agent-forwarding
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev@xxxxxxxxxxx
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
>
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev




[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux