FEATURE REQUEST: ssh agent should support "destination restrictions" #772
Comments
|
Interesting, have you seen the help article on mitigating this issue: https://strongbox.reamaze.com/kb/ssh-agent/ssh-agent We have a specific section on this: SSH Key Limits, Multiple Github Accounts and Key Specification |
|
Im aware of the solution editing the ssh config file and use the IdentityFile option. But who wants to edit config files if it is not necessary and why export id files? What I have tested - not with the ssh-agent solution of strongbox - but with the openssh ssh-agent is that I have installed the private keys for different computers. For example: Please note that I have added more than 6 private keys. After that I can create an ssh connection to any of the 7 computers without any additional ssh config. Since Strongbox already have the url property, Strongbox could parse the hostname from the url and make the similar behaviour like openssh ssh-agent does. |
|
Interesting idea. However, since there is already a well defined solution to this issue (config), it is unlikely we can schedule work on this anytime soon. |
Currently if I have more than 6 ssh keys enabled in the strongbox profile we have difficulties using them. We get "Too many authentication failures" back from the server.
OpenSSH 8.9 includes the ability to control how and where keys in ssh-agent may be used, both locally and when forwarded.
https://www.openssh.com/agent-restrict.html
In practice it means, that if we use ssh-add with the -h option, than we can have more than 6 private keys loaded into the agent and we won't run into the trouble of the too many authentication failures.
I request to implement the same behaviour ssh-agent/ssh-add has to avoid manually disabling ssh keys in strongbox.
The text was updated successfully, but these errors were encountered: