Use a specific forwarded key from SSH-agent?

Solution 1:

You got the right idea. The only part you are missing is that the file pointed to by IdentityFile must exist. It does not need to contain a private key, having just the public key available is sufficient.

On host B you can extract the public key from the agent by typing ssh-add -L | grep /Users/doxna/.ssh/id_rsa.github > ~/.ssh/id_rsa.github.pub and then point to that file from ~/.ssh/config

Solution 2:

Nice answer from @Kasperd, but note also that if Host B is compromised, or if you don't trust all those with root privileges there, then you're still exposing all of your keys to abuse for as long as you're logged in on that host.

So a better approach might be to only forward access to the keys you need. Maybe try ssh-agent-filter which is in debian / Ubuntu repositories, or from github.

EDIT: I've settled on ssh-ident rather than ssh-agent-filter for forwarding keys selectively, though it's not as smooth an experience as one might hope for.

Tags:

Ssh

Ssh Agent