>>>>> "MJ" == Mark Jacobs writes:

MJ> We have one user that has to ssh to two different accounts on the
MJ> same server. The server administrator requires that the two
MJ> accounts have different public keys.

MJ> Outside of having two separate private keys associated with each
MJ> public key is there an easier way to manage the process? I tried
MJ> having both private keys in the id_dsa file but that didn't seem
MJ> to work.

Use ssh-agent, or the IdentityFile keyword in ~/.ssh/config.

--
Richard Silverman
res@qoxp.net

Richard E. Silverman wrote:

>>>>>> "MJ" == Mark Jacobs writes:
>
> MJ> We have one user that has to ssh to two different accounts on the
> MJ> same server. The server administrator requires that the two
> MJ> accounts have different public keys.
>
> MJ> Outside of having two separate private keys associated with each
> MJ> public key is there an easier way to manage the process? I tried
> MJ> having both private keys in the id_dsa file but that didn't seem
> MJ> to work.
>
> Use ssh-agent, or the IdentityFile keyword in ~/.ssh/config.
>

ssh-agent is not an option in this environment. Can there be more than one
IdentityFile option in the configuration file, with ssh using each one when
authentication is attempted?

Mark Jacobs

>> MJ> We have one user that has to ssh to two different accounts on the
>> MJ> same server. The server administrator requires that the two
>> MJ> accounts have different public keys.

If they are the same user what justification has the server administrator
for this?

--
Elvis Notargiacomo master AT barefaced DOT cheek
http://www.notatla.org.uk/goen/

Mark Jacobs writes:

>ssh-agent is not an option in this environment. Can there be more than one
>IdentityFile option in the configuration file, with ssh using each one when
>authentication is attempted?

In ~/.ssh/config you can have a separate section for each hostname,
specifying the defaults for connecting to that host. Check the man
page.

Neil W Rickert wrote:

> Mark Jacobs writes:
>
>>ssh-agent is not an option in this environment. Can there be more than one
>>IdentityFile option in the configuration file, with ssh using each one
>>when authentication is attempted?
>
> In ~/.ssh/config you can have a separate section for each hostname,
> specifying the defaults for connecting to that host. Check the man
> page.

I haven't check yet but does that feature work for two accounts on the same
server, i.e. user1@host and user2@host each one requireing separate public
keys?

Mark Jacobs

all mail refused wrote:

>>> MJ> We have one user that has to ssh to two different accounts on
>>> the MJ> same server. The server administrator requires that the two
>>> MJ> accounts have different public keys.
>
> If they are the same user what justification has the server administrator
> for this?
>
Its policy, doesn't mean it has to make sense.

Mark Jacobs

>>>>> "MJ" == Mark Jacobs writes:

MJ> Neil W Rickert wrote:
>> Mark Jacobs writes:
>>
>>> ssh-agent is not an option in this environment. Can there be more
>>> than one IdentityFile option in the configuration file, with ssh
>>> using each one when authentication is attempted?
>> In ~/.ssh/config you can have a separate section for each
>> hostname, specifying the defaults for connecting to that host.
>> Check the man page.

MJ> I haven't check yet but does that feature work for two accounts on
MJ> the same server, i.e. user1@host and user2@host each one
MJ> requireing separate public keys?

You can have different aliases for it, but even that's not necessary -- a
single global set of IdentityFile statements will have the client try all
of them.

--
Richard Silverman
res@qoxp.net