Choose identity from ssh-agent by file name

Solution 1:

Guess I'll have to answer my own question, as there doesn't seem to be any way to request an identity by file name.

I wrote a quick-and-dirty Python script which creates a public key file in .ssh/fingerprints for every key the agent holds. I can then specify this file, which contains no secret key, using IdentityFile and SSH will pick the right identity from the SSH agent. Works perfectly fine, and allows me to use the agent for as many private keys as I wish.

#!/usr/bin/env python3
# -*- coding: utf-8 -*-

"""Dumps all public keys held by ssh-agent and stores them in ~/.ssh/fingerprints/, so that
they can be identified using the IdentityFile directive.

"""

import os
import pwd
import re
import shutil
import subprocess
import sys

# Last path component of the key comment, with an optional extension stripped,
# becomes the file name (e.g. "/home/me/.ssh/id_rsa" -> "id_rsa", "id_rsa.pub" -> "id_rsa").
RE_MATCH_FILENAME = re.compile(r'([^\\/:*?"<>|\r\n]+?)(?:\.\w{2,})?$', re.IGNORECASE)

# When run through sudo, write the files into the invoking user's home, not root's.
if os.getuid() == 0 and 'SUDO_USER' in os.environ:
    USERNAME = os.environ['SUDO_USER']
else:
    USERNAME = os.environ.get('USER') or pwd.getpwuid(os.getuid()).pw_name
HOME = pwd.getpwnam(USERNAME).pw_dir


def error(message):
    print("Error:", message, file=sys.stderr)
    sys.exit(1)


def main():
    # ssh-add -L prints one "type base64-blob comment" line per identity and exits
    # non-zero when the agent is unreachable or holds no identities.
    proc = subprocess.run(['ssh-add', '-L'], capture_output=True, text=True)
    keylist = [line for line in proc.stdout.splitlines() if line.strip()]

    if proc.returncode != 0 or not keylist:
        error("SSH agent holds no identities or is not reachable")

    fingerprint_dir = os.path.join(HOME, '.ssh', 'fingerprints')
    os.makedirs(fingerprint_dir, mode=0o700, exist_ok=True)
    shutil.chown(fingerprint_dir, USERNAME)

    for index, key in enumerate(keylist):
        # The comment may contain spaces or be empty, so split at most twice.
        parts = key.split(None, 2)
        if len(parts) < 2:
            error("Unexpected ssh-add output: %r" % key)
        name = parts[2] if len(parts) == 3 else ''
        match = RE_MATCH_FILENAME.search(name)
        basename = match.group(1) if match else 'agent-key-%d' % index
        filename = os.path.join(fingerprint_dir, basename + '.pub')

        print("Writing %s ..." % filename)
        with open(filename, 'w') as f:
            f.write(key + '\n')

        os.chmod(filename, 0o600)
        shutil.chown(filename, USERNAME)


if __name__ == '__main__':
    main()

Solution 2:

Run

ssh-add -L | gawk '{ print $1, $2 > ($3 ".pub") }'

on the remote machine to automatically generate all the public key files (assuming the public keys in your .ssh/config are named privateKeyFileName.pub and no inconsistent paths are involved). Call chown $USER .ssh/* for your sudo case.


Solution 3:

Picking up from the accepted solution, and assuming you just want to reuse the identity used to gain access to the initial server, then something like:

Host github.com
    IdentitiesOnly yes
    IdentityFile ~/.ssh/authorized_keys

is sufficient.
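The three answers above rely on two things: turning each `ssh-add -L` line into a public-key-only file that IdentityFile can point at (Solutions 1 and 2), and pinning a host to exactly one of those files with IdentitiesOnly (Solution 3). The following is an added example, not code from any of the answers, that does the parsing side as a pure function so it can be checked offline: it splits agent lines without assuming a space-free comment, rejects lines whose declared key type does not match the type string embedded in the blob, computes the OpenSSH-style SHA256 fingerprint, derives a filesystem-safe name (falling back to the fingerprint when the comment is empty), and emits the IdentitiesOnly stanza. The agent output, user name and paths are constructed for the example and the blobs are minimal stand-ins, not real keys.

```python
"""Added example: parse `ssh-add -L` output into validated identities and
ssh_config stanzas that offer exactly one agent key per host."""
import base64
import hashlib
import re
import struct
from pathlib import PurePosixPath


def _blob(key_type, payload):
    """Build a minimal public-key blob: length-prefixed type string, then payload.
    Constructed stand-in for the example only; these are not real keys."""
    wire = struct.pack(">I", len(key_type)) + key_type.encode() + payload
    return base64.b64encode(wire).decode()


# Constructed stand-in for what `ssh-add -L` prints (hypothetical user "alice").
SAMPLE_AGENT_OUTPUT = "\n".join([
    "ssh-ed25519 " + _blob("ssh-ed25519", b"\x00\x00\x00\x20" + b"\x01" * 32)
    + " /home/alice/.ssh/id_ed25519",
    "ssh-rsa " + _blob("ssh-rsa", b"\x00\x00\x00\x03\x01\x00\x01") + " alice@laptop work key",
    "ssh-ed25519 " + _blob("ssh-ed25519", b"\x00\x00\x00\x20" + b"\x02" * 32) + " ",  # empty comment
    "ssh-rsa " + _blob("ssh-ed25519", b"") + " type-field-mismatch",  # declared type lies
])

_UNSAFE = re.compile(r"[^A-Za-z0-9@._-]+")


def fingerprint(raw):
    """OpenSSH-style fingerprint of a raw key blob: SHA256, unpadded base64."""
    return "SHA256:" + base64.b64encode(hashlib.sha256(raw).digest()).decode().rstrip("=")


def safe_file_name(comment, fp):
    """File name for the fingerprints directory: last path component of the comment
    with unsafe characters replaced, or a fingerprint-derived name if no comment."""
    base = PurePosixPath(comment.strip()).name if comment.strip() else ""
    base = _UNSAFE.sub("_", base).lstrip("._")
    if not base:
        base = "agent-" + fp[len("SHA256:"):][:12].replace("/", "_").replace("+", "-")
    return base + ".pub"


def parse_agent_listing(text):
    """Return (accepted, rejected). Each accepted entry is a dict with the fields
    needed to write a .pub file; rejected entries are (line, reason) pairs."""
    accepted, rejected = [], []
    for line in text.splitlines():
        parts = line.split(None, 2)          # comment may hold spaces or be absent
        if len(parts) < 2:
            rejected.append((line, "not a key line"))
            continue
        key_type, b64 = parts[:2]
        comment = parts[2].strip() if len(parts) == 3 else ""
        try:
            raw = base64.b64decode(b64, validate=True)
        except ValueError:
            rejected.append((line, "blob is not valid base64"))
            continue
        # The wire blob starts with a length-prefixed type string; it must agree
        # with the declared type, otherwise ssh will refuse the file anyway.
        if len(raw) < 4:
            rejected.append((line, "blob too short"))
            continue
        n = struct.unpack(">I", raw[:4])[0]
        if raw[4:4 + n] != key_type.encode():
            rejected.append((line, "type field does not match blob"))
            continue
        fp = fingerprint(raw)
        accepted.append({
            "type": key_type,
            "blob": b64,
            "comment": comment,
            "fingerprint": fp,
            "file_name": safe_file_name(comment, fp),
            "line": f"{key_type} {b64} {comment}".rstrip(),   # content of the .pub file
        })
    return accepted, rejected


def ssh_config_stanza(host, identity, fingerprints_dir="~/.ssh/fingerprints"):
    """Host block that offers only this agent identity to the host (assumed
    directory layout from Solution 1)."""
    return (f"Host {host}\n"
            f"    IdentitiesOnly yes\n"
            f"    IdentityFile {fingerprints_dir}/{identity['file_name']}\n")


if __name__ == "__main__":
    ok, bad = parse_agent_listing(SAMPLE_AGENT_OUTPUT)
    for ident in ok:
        print(ident["fingerprint"], "->", ident["file_name"])
    for line, reason in bad:
        print("rejected:", reason, "|", line[:40])
    print(ssh_config_stanza("github.com", ok[0]))
```

IdentitiesOnly matters beyond convenience: without it, ssh offers every key the agent holds to every host, so each server learns the public halves of all your identities. Pinning one public-key file per host keeps that exposure to the single key the host is meant to see.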