Bug 2093

Summary: don't forward authentication for the whole keyring
Product: Portable OpenSSH
Reporter: bugmenot
Component: ssh-agent
Assignee: Assigned to nobody <unassigned-bugs>
Status: NEW
Severity: enhancement
CC: mindrot
Priority: P5
Version: 5.5p1
Hardware: All
OS: All

Description bugmenot 2013-04-17 07:03:17 AEST
Note: I think this applies to both ssh (client) and ssh-agent. 

It would be nice to add an option to ssh so only the key used for authentication is forwarded when "ssh -A" is used. Consider the following case: 

I have two private ssh keys:

 - one to access my personal machines,
 - one to access servers at my job.

I add those two keys to my ssh-agent with ssh-add.

Now, when I do "ssh -A root@jobsrv" I would like to forward agent authentication only for my job key (the one I'm using to connect to jobsrv).

I want this because anyone having root access to jobsrv can use my agent to authenticate himself to my personal machines.

Thank you.
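
A workaround with stock tools, shown as an added example that is not part of the original report or of OpenSSH's own code: run a second agent that holds only the job key and point `ssh -A` at it through `SSH_AUTH_SOCK`. The throwaway keys, their comments and the socket names are constructed for the demonstration; `jobsrv` is the host from the report, and nothing is actually connected to.

```shell
#!/bin/sh
# Constructed demo: throwaway keys, two local agents, no network connection.

# Start an agent on socket $1 holding the keys given after it; prints its PID.
# Runs in a subshell so the caller's own SSH_AUTH_SOCK is left untouched.
start_agent() (
    sock=$1; shift
    eval "$(ssh-agent -s -a "$sock")" >/dev/null
    for key in "$@"; do
        ssh-add "$key" >/dev/null 2>&1 || { kill "$SSH_AGENT_PID"; exit 1; }
    done
    echo "$SSH_AGENT_PID"
)

# Number of identities the agent behind socket $1 will sign with.
agent_key_count() {
    SSH_AUTH_SOCK="$1" ssh-add -l 2>/dev/null | grep -c '^[0-9]'
}

dir=$(mktemp -d)
ssh-keygen -q -t ed25519 -N '' -C personal-key -f "$dir/personal_key"
ssh-keygen -q -t ed25519 -N '' -C job-key -f "$dir/job_key"

all_sock="$dir/all.sock"   # the situation in the report: one agent, both keys
job_sock="$dir/job.sock"   # dedicated agent: job key only
all_pid=$(start_agent "$all_sock" "$dir/personal_key" "$dir/job_key")
job_pid=$(start_agent "$job_sock" "$dir/job_key")
trap 'kill "$all_pid" "$job_pid" 2>/dev/null; rm -rf "$dir"' EXIT

echo "shared agent offers $(agent_key_count "$all_sock") keys"
echo "job agent offers $(agent_key_count "$job_sock") key"
# ssh -A forwards whichever agent SSH_AUTH_SOCK names, so root on jobsrv
# could only request signatures from the job key:
echo "SSH_AUTH_SOCK=$job_sock ssh -A root@jobsrv"
```
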