Bug 2093 - don't forward authentication for the whole keyring
Summary: don't forward authentication for the whole keyring
Status: NEW
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: ssh-agent (show other bugs)
Version: 5.5p1
Hardware: All All
: P5 enhancement
Assignee: Assigned to nobody
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2013-04-17 07:03 AEST by bugmenot
Modified: 2014-05-19 13:09 AEST (History)
1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description bugmenot 2013-04-17 07:03:17 AEST 
Note: I think this applies to both ssh (client) and ssh-agent. 

It would be nice to add an option to ssh so only the key used for authentication is forwarded when "ssh -A" is used. Consider the following case: 

I have two private ssh keys :

 - one to access my personnal machines,
 - one to access servers at my job.

I add those two keys to my ssh-agent with ssh-add.

Now, when I do "ssh -A root@jobsrv" I would like to forward agent authentication only for my job key (the one I'm using to connect jobsrv).

I want this because anyone having root access to jobsrv can use my agent to authenticate himself to my personnal machines.

Thank you.