Re: PrivateKeyCommand config idea

Hey Andy,

Thanks for your input.

> I personally think the ssh-agent suggestion works poorly. It's fine if one's goal is to configure an agent for all connections made by the running user. But if you want to do it per host, then something needs to start the agent and something needs to tell it when it's done.

Personally, through a combination of sk keys, daily certificates, and ControlMasters, I don't usually have an agent on by default. Without a need to frequently cache passphrases, and preferring to avoid workflows that rely on agent forwarding, I only activate an agent selectively.

Part of what the IdentityCommand change would give me, if it were implemented, is that I would no longer need to manually add ssh-agent to terminals or shells where I'll be running `git review` a lot :) I would just be able to make a one-line change to my ssh config and then everything will "just work" on every machine where I set things up identically.

As an aside, for general interest, when agents *are* needed, I have a Match stanza in client config to namespace ControlMasters. This helps avoid cross-talk between agents:

  Match exec "[[ -n $SSH_AGENT_PID ]]"
      ControlPath ~/.ssh/cm/agent-${SSH_AGENT_PID}_%r@%n:%p

  Host *
      ControlPath ~/.ssh/cm/%r@%n:%p


~ Tim

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev


