Last time I took a look at this I blocked it because we wanted to do it following what the standard .ssh/config file format would dictate. There is the AddKeysToAgent flag, and that would add the IdentityFile keys (https://man7.org/linux/man-pages/man5/ssh_config.5.html). I’m not completely sold on that, as I usually separate my keys and do not want a “login” key to then make it to the other side in a “generic” way. We could provide our own interface and corresponding config file to even have different “agents” for different sets of hosts, etc… At the same time, there are changes coming up to the OpenSSH Agent itself (i.e. https://www.openssh.com/agent-restrict.html), so for now we thought it may make sense to wait and see what they come up with as well. Please leave us your thoughts!
-
@carloscabanero I've tried to set AddKeyToAgent on the host config and it didn't work, I see the key in On the point of having finer control over the keys, I think the app should not impose the use of a "login" key and make it mandatory to have it available on the host. I think the main goal here is to provide a more efficient flow for a specific use case. You'd still be able to use your flow while supporting a simpler flow for whoever wants to buy into it. In any case I'm happy to use a configuration like
-
When the default agent is configured to confirm signature requests, this also applies to connections initiated by Blink. It seems that setting up a default agent effectively makes the agent used by Blink itself. That is how SSH behaves on my computer as well; but I did not expect to have to confirm signature requests made by Blink. I think if If I set a per-connection agent, then it behaves as I expect. The agent is not used for the connection itself, but is made available to the other side of the connection, and confirmation is requested when something on the other side tries to use the agent. However, I could not find a way to set up a per-connection agent via I don't generally want to run an agent or forward, but sometimes it is necessary -- hence I like to lock it down as much as possible, as per the Blink documentation.
-
I would like to request an option on the host to enable Agent forwarding by default with the key already added to it.
Currently it is necessary to call ssh-add KEY_NAME and then ssh -a HOST.
Would be great to just either have the relevant ssh key added to the agent by default or have an option per host to select keys to forward. (forwarding all is also ok, prolly worth having a setting to disable it).