IdentitiesOnly + ssh-agent

I’m really hoping that someone can provide me with some enlightenment.

I have a lot of ssh keys. 6 by today’s count. On my desktop I have my ssh configured with IdentitiesOnly yes and an IdentityFile for each host. This works great.

I then forward my agent to my dev VM. I can see the keys with ssh-add -l. So far so good. If I then ssh into a host, I can see it trying every key from the agent in sequence, which is sometimes going to fail with too many keys tried. However, if I try IdentitiesOnly yes in my dev VM config, it doesn’t offer any keys, if I add IdentityFile it doesn’t work because I don’t have those key files on my VM.

So what’s the solution? What I want is to specify identities by their identifier in the agent, e.g. danni@github, however I can’t see config to do that. Anyone got a nifty solution?

About Danielle

Danielle is an Australian software engineer, computer scientist and feminist. She doesn't really work on GNOME any more (sadly). Opinions and writing are solely her own and do not represent her employer, the GNOME Foundation, or anyone else but herself.

8 Responses to IdentitiesOnly + ssh-agent

  1. Matt says:

    Run an agent per key, and have some script to set SSH_AUTH_SOCK on your PC? Or do you need all the keys?

  2. Tobias Florek says:

    you will have to set `IdentityFile` for the `Host` you need. e.g.:

    Host *.gnome.org
    IdentityFile ~/.ssh/id_gnome

    (as you see, you can use wildcards.)

  3. Danielle says:

    @Tobias: the problem is those IdentityFile’s don’t exist on the VM and so it doesn’t work.

  4. Danielle says:

    @Matt: hmm, kind of gross, especially because I was hoping to continue to use GNOME’s keyring management to authorize my key access. I do need at least two of them on the VM.

  5. Craig says:

    “I have a lot of ssh keys. 6 by today’s count.”

    Patient: “Doctor, it hurts when I do this.”

    Doctor: “well don’t do it then.”

  6. Stijn Hoop says:

    You do need to set IdentityFile, which you can use even without the file present – I use this daily as well. As long as the paths match up to the paths that you get with ssh-add -l, it should work.

  7. I’ve solved this by always using the public key in the IdentityFile directive, eg. “IdentityFile ~/.ssh/id_rsa.gitorious.pub”. In this way I can push only the public key to the VM to make IdentityFile work.

    I don’t use IdentitiesOnly since setting IdentityFile for each host has been enough for me.
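    As an added example (not code from the post or any commenter), the shell functions below show what makes the approach in the two comments above work: ssh matches each IdentityFile against the agent by the public key material, not by file name or comment, so copying only the .pub file to the VM is enough for IdentitiesOnly to offer that key. The agent listing, key blobs and paths are all constructed placeholders.

```shell
#!/bin/sh
# Constructed sample of what `ssh-add -L` prints on the VM with the forwarded
# agent. Key blobs are placeholders, not real keys.
AGENT_KEYS='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleBlobOne danni@github
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQExampleBlobTwo danni@gnome'

# Constructed contents of two .pub files copied to the VM (no private halves).
GITHUB_PUB='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleBlobOne danni@github'
OTHER_PUB='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINotInTheAgentBlob danni@other'

# Reduce a public-key line to "type blob". The trailing comment (the name shown
# by ssh-add -l) and the file name play no part in matching.
key_blob() {
    printf '%s\n' "$1" | awk 'NF >= 2 { print $1, $2 }'
}

# Succeed if the key in the .pub line $1 is loaded in the agent listing $2.
# This is the comparison ssh makes for each IdentityFile when IdentitiesOnly
# is set: a configured identity is offered only if the agent holds that key.
agent_has_key() {
    want=$(key_blob "$1")
    [ -n "$want" ] || return 1
    printf '%s\n' "$2" | awk 'NF >= 2 { print $1, $2 }' | grep -qxF "$want"
}

# Emit the ssh_config stanza that offers exactly one key to one host.
host_stanza() {
    printf 'Host %s\n    IdentitiesOnly yes\n    IdentityFile %s\n' "$1" "$2"
}

# Report whether a host's configured key would actually be usable. On a real
# VM, pass "$(ssh-add -L)" as the listing and "$(cat ~/.ssh/id_github.pub)"
# as the key line.
check_host() {
    if agent_has_key "$2" "$3"; then
        printf 'OK: agent holds the key configured for %s\n' "$1"
        return 0
    fi
    printf 'MISSING: agent does not hold the key configured for %s\n' "$1"
    return 1
}

host_stanza github.com /home/danni/.ssh/id_github.pub
check_host github.com "$GITHUB_PUB" "$AGENT_KEYS" || true
check_host other.example "$OTHER_PUB" "$AGENT_KEYS" || true
```

    A MISSING result means ssh on the VM would skip that host's key entirely under IdentitiesOnly, so the fix is to add the key to the desktop agent rather than to the VM config.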

  8. Danielle says:

    @Stijn: see, I feel like it used to work, but now it doesn’t.
