I want to write an SSH agent that knows what user/host you're trying to connect to, but the protocol doesn't provide that. So I just had a ridiculous idea. What if I make a FUSE filesystem that materializes listening UNIX sockets on the fly, and set IdentityAgent to <fs>/%r@%h?
The client does not actually hold the private key, so I have to use agent mode. The goal is to have an agent server give you access to the key you need, but it needs to know what you're trying to connect to.
-
So, centrally managed keys that you're trying to interface with like a (forwarded) agent? Thus the agent needs to know what key you need so that it can provide it to you?
-
Correct. It's a design for a central authentication system that does not require deeply integrated target hosts (no LDAP/cert system/uniform key management) and can provide auditing (no just shoving people's personal private keys into all authorized_keys files).
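Sketch of the socket-path idea from the thread above, written as an added example (not the thread author's code). It stands in the FUSE layer with a plain directory containing one UNIX socket named `user@host`, so the agent learns the target purely from the path the client connected to (the `%r@%h` in `IdentityAgent`), offers only the keys the policy allows for that target, and records each lookup for auditing. The policy table, key blobs and socket directory are constructed stand-ins; the agent protocol framing and message numbers follow the ssh-agent draft, and signing is deliberately left out.

```python
import os
import socket
import struct
import tempfile
import threading

# ssh-agent protocol message numbers (draft-miller-ssh-agent).
SSH_AGENT_FAILURE = 5
SSH_AGENTC_REQUEST_IDENTITIES = 11
SSH_AGENT_IDENTITIES_ANSWER = 12
SSH_AGENTC_SIGN_REQUEST = 13

# Constructed policy and key blobs (stand-ins, not real public keys). A real
# agent would consult a central service and write each lookup to an audit log.
POLICY = {
    ("alice", "db1.example"): ["alice-db-key"],
    ("deploy", "web1.example"): ["deploy-web-key", "deploy-fallback-key"],
}
KEYS = {
    "alice-db-key": b"ssh-ed25519 CONSTRUCTED-BLOB-1",
    "deploy-web-key": b"ssh-ed25519 CONSTRUCTED-BLOB-2",
    "deploy-fallback-key": b"ssh-ed25519 CONSTRUCTED-BLOB-3",
}
AUDIT_LOG = []  # (event, (user, host), detail)


def ssh_string(b):
    """SSH wire 'string': uint32 big-endian length followed by the bytes."""
    return struct.pack(">I", len(b)) + b


def read_string(buf, pos):
    """Decode one SSH wire string at buf[pos:], returning (bytes, next_pos)."""
    (n,) = struct.unpack(">I", buf[pos:pos + 4])
    return buf[pos + 4:pos + 4 + n], pos + 4 + n


def frame(body):
    """Wrap a message body in the agent's uint32 length framing."""
    return struct.pack(">I", len(body)) + body


def target_from_socket_path(path):
    """'/run/agentfs/alice@db1.example' -> ('alice', 'db1.example')."""
    user, sep, host = os.path.basename(path).partition("@")
    if not (sep and user and host):
        raise ValueError("socket name is not user@host: %r" % path)
    return user, host


def handle_request(msg, target):
    """Answer one agent message (type byte + payload) for the given target."""
    if msg[0] == SSH_AGENTC_REQUEST_IDENTITIES:
        names = POLICY.get(target, [])          # unknown target -> empty list
        AUDIT_LOG.append(("identities", target, list(names)))
        body = bytes([SSH_AGENT_IDENTITIES_ANSWER]) + struct.pack(">I", len(names))
        for n in names:
            body += ssh_string(KEYS[n]) + ssh_string(n.encode())
        return body
    if msg[0] == SSH_AGENTC_SIGN_REQUEST:
        # Signing is left out of this sketch; a real agent would check the
        # requested key blob against POLICY[target] before signing anything.
        AUDIT_LOG.append(("sign", target, "refused"))
    return bytes([SSH_AGENT_FAILURE])


def parse_identities_answer(body):
    """Decode an IDENTITIES_ANSWER body into [(key_blob, comment), ...]."""
    assert body[0] == SSH_AGENT_IDENTITIES_ANSWER
    (count,) = struct.unpack(">I", body[1:5])
    pos, out = 5, []
    for _ in range(count):
        blob, pos = read_string(body, pos)
        comment, pos = read_string(body, pos)
        out.append((blob, comment))
    return out


def recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed")
        buf += chunk
    return buf


def read_framed(sock):
    (n,) = struct.unpack(">I", recv_exact(sock, 4))
    return recv_exact(sock, n)


def serve_one(path, ready=None):
    """Listen on <path>, answer one client message, then remove the socket."""
    target = target_from_socket_path(path)      # target comes from the path
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(path)
    srv.listen(1)
    if ready is not None:
        ready.set()
    conn, _ = srv.accept()
    with conn:
        conn.sendall(frame(handle_request(read_framed(conn), target)))
    srv.close()
    os.unlink(path)


def query_identities(path):
    """Act as the ssh client: connect to the per-target socket, list keys."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as c:
        c.connect(path)
        c.sendall(frame(bytes([SSH_AGENTC_REQUEST_IDENTITIES])))
        return parse_identities_answer(read_framed(c))


def demo(user, host):
    """Start the agent on a socket named user@host and query it once."""
    path = os.path.join(tempfile.mkdtemp(), "%s@%s" % (user, host))
    ready = threading.Event()
    t = threading.Thread(target=serve_one, args=(path, ready))
    t.start()
    ready.wait()
    result = query_identities(path)
    t.join()
    return result


if __name__ == "__main__":
    for blob, comment in demo("deploy", "web1.example"):
        print(comment.decode(), blob.decode())
    print(AUDIT_LOG)
```

With `IdentityAgent <dir>/%r@%h` in `ssh_config`, the client connects to a socket whose name already carries the target, so the agent never needs a protocol extension; the audit entry per lookup is what gives the central system the visibility the thread asks for.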
But that wouldn't allow nice handling of proxies or good jailing of the agent.