Fallback to forwarding to another ssh-agent for unsupported or unknown keys #19

Open
andreicek opened this issue May 11, 2020 · 7 comments
Labels
enhancement New feature or request

Comments

@andreicek

Is it possible to add other types of SSH keys to the agent as well? Currently, I can't add RSA or ed25519 keys.

/Users/andreicek/maandagapp% ssh-add ~/.ssh/id_rsa
Enter passphrase for /Users/andreicek/.ssh/id_rsa:
Could not add identity "/Users/andreicek/.ssh/id_rsa": agent refused operation
/Users/andreicek/maandagapp% ssh-add ~/.ssh/id_ed25519
Enter passphrase for /Users/andreicek/.ssh/id_ed25519:
Could not add identity "/Users/andreicek/.ssh/id_ed25519": agent refused operation
@FiloSottile
Owner

I've considered this feature a few times, but it seems like configuring the agent on a per-host basis would work for those use cases.

https://github.com/FiloSottile/yubikey-agent#coexisting-with-other-ssh-agents

Does this work for you?

@andreicek
Author

I've seen this part of the README but I was wondering if you ever wanted to do this.

@FiloSottile
Owner

It depends on whether it's necessary to handle use cases not covered by the IdentityAgent solution. Can you help me understand if and why IdentityAgent wouldn't work for you?

@FiloSottile FiloSottile added the waiting for info Needs more information from the reporter label May 13, 2020
@nsushkin

Perhaps agent forwarding is the use case? I want to run yubikey-agent on my laptop, then ssh to a server with agent forwarded, and check out my git repo on the server, while my private key is still in the Yubikey. But I also have other ssh keys.

@FiloSottile FiloSottile added enhancement New feature or request and removed waiting for info Needs more information from the reporter labels Jun 20, 2020
@FiloSottile
Owner

That does sound like a use case for forwarding, yes.

Now the question is if it's common enough to justify the complexity. I am not convinced but will leave this open to collect feedback.

@FiloSottile FiloSottile changed the title Failback to ssh_agent Fallback to forwarding to another ssh-agent for unsupported or unknown keys Jun 20, 2020
@axxelG

axxelG commented Dec 22, 2020

My use case for this feature + most of my colleagues:
We have (at least) two keys. One for work and one for private use. Setting up different configs per host/domain is tedious and easy to forget.
For Windows users it gets even more complicated if they want to use their keys in Windows and WSL.

Maybe it is easier to just forward failing requests and "ssh-add-requests" to another ssh-agent listening on a different socket.

@rhansen

rhansen commented Sep 9, 2021

Related GnuPG gpg-agent feature request: https://dev.gnupg.org/T5494
