How to specify identity with forwarded agent? - SSH


Thread: How to specify identity with forwarded agent?

  1. How to specify identity with forwarded agent?


    I've loaded a couple of keys into the ssh-agent on my workstation, then
    done 'ssh -A hosta'. Now I want to use a specific key to go from hosta
    to hostb, but when I add '-i idfile', hosta complains that it doesn't
    exist. It's right of course, it is back on my WS.

    I've tried with and without paths, and exactly what 'ssh-add -l' shows
    me on hosta, but no joy. Can somebody offer a clue?

    All systems OpenSSH 4.1p1, WS is Linux, hosta & hostb are AIX 5.3
    --
    George Baltz N3GB
    Computer Sciences Corp
    @NOAA/NESDIS/IPD
    Suitland, MD 20746
    Rule of thumb: ANYthing offered by unsolicited email is a hoax,
    ripoff, scam or outright fraud.


  2. Re: How to specify identity with forwarded agent?

    George Baltz wrote:
    > I've loaded a couple of keys into the ssh-agent on my workstation, then
    > done 'ssh -A hosta'. Now I want to use a specific key to go from hosta
    > to hostb, but when I add '-i idfile', hosta complains that it doesn't
    > exist. It's right of course, it is back on my WS.
    >
    > I've tried with and without paths, and exactly what 'ssh-add -l' shows
    > me on hosta, but no joy. Can somebody offer a clue?
    >
    > All systems OpenSSH 4.1p1, WS is Linux, hosta & hostb are AIX 5.3


    Just install the appropriate public keys into the appropriate
    authorized_keys files. Load all the matching private keys into the agent
    and it should use the right one depending on which user/server you're
    connecting to.

  3. Re: How to specify identity with forwarded agent?

    On Mon, 03 Jul 2006 16:02:43 +0000, Chuck wrote:

    > George Baltz wrote:
    >> I've loaded a couple of keys into the ssh-agent on my workstation, then
    >> done 'ssh -A hosta'. Now I want to use a specific key to go from hosta
    >> to hostb, but when I add '-i idfile', hosta complains that it doesn't
    >> exist. It's right of course, it is back on my WS.
    >>
    >> I've tried with and without paths, and exactly what 'ssh-add -l' shows
    >> me on hosta, but no joy. Can somebody offer a clue?
    >>
    >> All systems OpenSSH 4.1p1, WS is Linux, hosta & hostb are AIX 5.3

    >
    > Just install the appropriate public keys into the appropriate
    > authorized_keys files. Load all the matching private keys into the agent
    > and it should use the right one depending on which user/server you're
    > connecting to.


    I have all the keys in the agent - I just want to select which one it
    uses, as they are tied to different forced commands on hostb.


    --
    George Baltz N3GB
    Computer Sciences Corp
    @NOAA/NESDIS/IPD
    Suitland, MD 20746
    Rule of thumb: ANYthing offered by unsolicited email is a hoax,
    ripoff, scam or outright fraud.


  4. Re: How to specify identity with forwarded agent?

    George Baltz wrote:
    > On Mon, 03 Jul 2006 16:02:43 +0000, Chuck wrote:
    >
    >> George Baltz wrote:
    >>> I've loaded a couple of keys into the ssh-agent on my workstation, then
    >>> done 'ssh -A hosta'. Now I want to use a specific key to go from hosta
    >>> to hostb, but when I add '-i idfile', hosta complains that it doesn't
    >>> exist. It's right of course, it is back on my WS.
    >>>
    >>> I've tried with and without paths, and exactly what 'ssh-add -l' shows
    >>> me on hosta, but no joy. Can somebody offer a clue?
    >>>
    >>> All systems OpenSSH 4.1p1, WS is Linux, hosta & hostb are AIX 5.3

    >> Just install the appropriate public keys into the appropriate
    >> authorized_keys files. Load all the matching private keys into the agent
    >> and it should use the right one depending on which user/server you're
    >> connecting to.

    >
    > I have all the keys in the agent - I just want to select which one it
    > uses, as they are tied to different forced commands on hostb.
    >
    >


    Can you set up different users on hostb, one for each forced command?

  5. Re: How to specify identity with forwarded agent?

    On Mon, 03 Jul 2006 16:57:46 +0000, Chuck wrote:

    > George Baltz wrote:
    >> On Mon, 03 Jul 2006 16:02:43 +0000, Chuck wrote:
    >>
    >>> George Baltz wrote:
    >>>> I've loaded a couple of keys into the ssh-agent on my workstation,
    >>>> then done 'ssh -A hosta'. Now I want to use a specific key to go from
    >>>> hosta to hostb, but when I add '-i idfile', hosta complains that it
    >>>> doesn't exist. It's right of course, it is back on my WS.
    >>>>
    >>>> I've tried with and without paths, and exactly what 'ssh-add -l' shows
    >>>> me on hosta, but no joy. Can somebody offer a clue?
    >>>>
    >>>> All systems OpenSSH 4.1p1, WS is Linux, hosta & hostb are AIX 5.3
    >>> Just install the appropriate public keys into the appropriate
    >>> authorized_keys files. Load all the matching private keys into the
    >>> agent and it should use the right one depending on which user/server
    >>> you're connecting to.

    >>
    >> I have all the keys in the agent - I just want to select which one it
    >> uses, as they are tied to different forced commands on hostb.
    >>
    >>
    >>

    > Can you set up different users on hostb, one for each forced command?


    No, unfortunately not. I could fall back to a wrapper as forced command,
    but then I lose the end-to-end public-key benefits.

    --
    George Baltz N3GB
    Computer Sciences Corp
    @NOAA/NESDIS/IPD
    Suitland, MD 20746
    Rule of thumb: ANYthing offered by unsolicited email is a hoax,
    ripoff, scam or outright fraud.


  6. Re: How to specify identity with forwarded agent?

    On 2006-07-03, George Baltz wrote:
    > On Mon, 03 Jul 2006 16:02:43 +0000, Chuck wrote:
    >
    >> George Baltz wrote:
    >>> I've loaded a couple of keys into the ssh-agent on my workstation, then
    >>> done 'ssh -A hosta'. Now I want to use a specific key to go from hosta
    >>> to hostb, but when I add '-i idfile', hosta complains that it doesn't
    >>> exist. It's right of course, it is back on my WS.
    >>>
    >>> I've tried with and without paths, and exactly what 'ssh-add -l' shows
    >>> me on hosta, but no joy. Can somebody offer a clue?
    >>>
    >>> All systems OpenSSH 4.1p1, WS is Linux, hosta & hostb are AIX 5.3

    [...]
    > I have all the keys in the agent - I just want to select which one it
    > uses, as they are tied to different forced commands on hostb.


    The fingerprint which determines which key is used by the agent is
    generated from the public key.

    It's not very elegant but copying just the public key onto the
    intermediate host and using IdentitiesOnly to select just that key should
    work, ie

    ws$ scp ~/.ssh/mykey.pub hosta:.ssh/mykey.pub
    ws$ ssh -o forwardagent=yes hosta
    hosta$ ssh -i ~/.ssh/mykey -o identitiesonly=yes hostb

    --
    Darren Tucker (dtucker at zip.com.au)
    GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
    usually comes from bad judgement.
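Added example, not part of the original thread: the fingerprint mentioned in the post above is a hash of the base64-decoded blob in the `.pub` file, which is why the public key alone is enough on hosta to identify a key held by the forwarded agent. The keys, comments and `ssh-add -l` listing below are constructed sample data; the helper names are hypothetical.

```python
import base64
import hashlib
import struct


def make_pub_line(seed: int, comment: str) -> str:
    """Build a constructed ssh-ed25519 .pub line (sample data, not a real key)."""
    key = bytes((seed + i) % 256 for i in range(32))
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + key
    return "ssh-ed25519 %s %s" % (base64.b64encode(blob).decode(), comment)


def fingerprints(pub_line: str) -> dict:
    """Return the MD5 (legacy) and SHA256 fingerprints of one .pub line."""
    key_type, b64 = pub_line.split()[:2]
    blob = base64.b64decode(b64)
    # The blob begins with a length-prefixed copy of the key type.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n].decode() != key_type:
        raise ValueError("key type does not match blob")
    md5 = hashlib.md5(blob).hexdigest()
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {
        "md5": ":".join(md5[i:i + 2] for i in range(0, 32, 2)),
        "sha256": "SHA256:" + sha,
    }


def find_in_agent(pub_line: str, listing: str):
    """Return the `ssh-add -l` line whose fingerprint matches pub_line, or None."""
    wanted = set(fingerprints(pub_line).values())
    for line in listing.splitlines():
        fields = line.split()  # <bits> <fingerprint> <comment> (<type>)
        if len(fields) < 2:
            continue
        fp = fields[1][4:] if fields[1].startswith("MD5:") else fields[1]
        if fp in wanted:
            return line
    return None


# Constructed sample: two keys in the agent, one .pub copied to hosta.
KEY_A = make_pub_line(1, "backup-cmd")
KEY_B = make_pub_line(2, "report-cmd")
AGENT_LISTING = "\n".join(
    "256 %s %s (ED25519)" % (fingerprints(k)["sha256"], k.split()[2])
    for k in (KEY_A, KEY_B)
)

if __name__ == "__main__":
    print(find_in_agent(KEY_B, AGENT_LISTING))
```

Running the same comparison on hosta against the real `ssh-add -l` output confirms that the copied `.pub` corresponds to a key the forwarded agent actually holds before connecting to hostb.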

  7. Re: How to specify identity with forwarded agent?

    On Tue, 04 Jul 2006 11:22:30 +0000, Darren Tucker wrote:

    > On 2006-07-03, George Baltz wrote:
    >> On Mon, 03 Jul 2006 16:02:43 +0000, Chuck wrote:
    >>
    >>> George Baltz wrote:
    >>>> I've loaded a couple of keys into the ssh-agent on my workstation,
    >>>> then done 'ssh -A hosta'. Now I want to use a specific key to go from
    >>>> hosta to hostb, but when I add '-i idfile', hosta complains that it
    >>>> doesn't exist. It's right of course, it is back on my WS.
    >>>>
    >>>> I've tried with and without paths, and exactly what 'ssh-add -l' shows
    >>>> me on hosta, but no joy. Can somebody offer a clue?
    >>>>
    >>>> All systems OpenSSH 4.1p1, WS is Linux, hosta & hostb are AIX 5.3

    > [...]
    >> I have all the keys in the agent - I just want to select which one it
    >> uses, as they are tied to different forced commands on hostb.

    >
    > The fingerprint which determines which key is used by the agent is
    > generated from the public key.


    Aha. That explains a lot.

    Is there any way I can specify that fingerprint directly?

    >
    > It's not very elegant but copying just the public key onto the
    > intermediate host and using IdentitiesOnly to select just that key should
    > work, ie
    >
    > ws$ scp ~/.ssh/mykey.pub hosta:.ssh/mykey.pub
    > ws$ ssh -o forwardagent=yes hosta
    > hosta$ ssh -i ~/.ssh/mykey -o identitiesonly=yes hostb


    I was trying to avoid any writing on hosta by the user, not even (no,
    especially) $HOME. I guess I could do that as part of the setup.

    Thank you very large.
    --
    George Baltz N3GB
    Computer Sciences Corp
    @NOAA/NESDIS/IPD
    Suitland, MD 20746
    Rule of thumb: ANYthing offered by unsolicited email is a hoax,
    ripoff, scam or outright fraud.

