I’m really hoping that someone can provide me with some enlightenment.
I have a lot of ssh keys. 6 by today’s count. On my desktop I have my ssh configured with `IdentitiesOnly yes` and an `IdentityFile` for each host. This works great.
I then forward my agent to my dev VM. I can see the keys with `ssh-add -l`. So far so good. If I then ssh into a host, I can see it trying every key from the agent in sequence, which is sometimes going to fail with too many keys tried. However, if I try `IdentitiesOnly yes` in my dev VM config, it doesn’t offer any keys, if I add `IdentityFile` it doesn’t work because I don’t have those key files on my VM.
So what’s the solution? What I want is to specify identities by their identifier in the agent, e.g. danni@github, however I can’t see config to do that. Anyone got a nifty solution?
8 thoughts on “IdentitiesOnly + ssh-agent”
Run an agent per key, and have some script to set SSH_AUTH_SOCK on your PC? Or do you need all the keys?
You will have to set `IdentityFile` for the `Host` you need. e.g.:
(as you see, you can use wildcards.)
@Tobias: the problem is those IdentityFiles don’t exist on the VM and so it doesn’t work.
@Matt: hmm, kind of gross, especially because I was hoping to continue to use GNOME’s keyring management to authorize my key access. I do need at least two of them on the VM.
“I have a lot of ssh keys. 6 by today’s count.”
Patient: “Doctor, it hurts when I do this.”
Doctor: “Well, don’t do it then.”
You do need to set IdentityFile, which you can use even without the file present – I use this daily as well. As long as the paths match up to the paths that you get with ssh-add -l, it should work.
I’ve solved this by always using the public key in the IdentityFile directive, e.g. “IdentityFile ~/.ssh/id_rsa.gitorious.pub”. In this way I can push only the public key to the VM to make IdentityFile work.
I don’t use IdentitiesOnly since setting IdentityFile for each host has been enough for me.
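The public-key approach from the comment above, as an added example that is not part of the original post or its comments: ssh_config documents that `IdentityFile` may name a public key file whose private half is held by the agent, so the VM needs only `.pub` files, and those can be written straight from the forwarded agent's `ssh-add -L` output. The function names, the `~/.ssh/agent` directory and the sample keys used to exercise it are assumptions.

```sh
# Added example, not from the original post or its comments.
# Function names and the ~/.ssh/agent directory are assumptions.

# export_agent_pubkeys DIR: read `ssh-add -L` lines on stdin, write one
# DIR/<comment>.pub per key, print how many keys were written.
# The body is a subshell so its variables do not leak into the caller.
export_agent_pubkeys() (
    dir=$1
    count=0
    mkdir -p "$dir" && chmod 700 "$dir" || exit 1
    while read -r type blob comment || [ -n "$type" ]; do
        # Keep only key lines; this skips blank lines and
        # "The agent has no identities."
        case $type in
            ssh-*|ecdsa-*|sk-*) ;;
            *) continue ;;
        esac
        [ -n "$blob" ] || continue
        # Comments may contain "/" or spaces: reduce them to a safe file name.
        name=$(printf '%s' "${comment:-key-$count}" | tr -c 'A-Za-z0-9@._-' '_')
        # Two different keys sharing a comment must not overwrite each other.
        if [ -e "$dir/$name.pub" ] && ! grep -qF -- "$blob" "$dir/$name.pub"; then
            name="$name-$count"
        fi
        printf '%s %s %s\n' "$type" "$blob" "$comment" > "$dir/$name.pub"
        count=$((count + 1))
    done
    echo "$count"
)

# host_stanza PATTERN PUBFILE: print an ssh_config block that offers only
# the agent key matching PUBFILE to hosts matching PATTERN.
host_stanza() {
    printf 'Host %s\n    IdentityFile %s\n    IdentitiesOnly yes\n' "$1" "$2"
}

# On the VM, with the agent forwarded:
#   ssh-add -L | export_agent_pubkeys ~/.ssh/agent
#   host_stanza github.com '~/.ssh/agent/danni@github.pub' >> ~/.ssh/config
```

With `IdentitiesOnly yes` in the stanza, ssh offers only the agent key that matches the listed public key, which avoids running through every forwarded key until the server stops accepting attempts.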
@Stijn: see, I feel like it used to work, but now it doesn’t.