I have two private ssh keys:
- one to access my personal machines,
- one to access servers at my job.
I add those two keys to my ssh-agent with ssh-add.
Now, when I do ssh -A root@jobsrv, I would like to forward agent authentication only for my job key (the one I'm using to connect to jobsrv).
I want this because anyone having root access to jobsrv can use my agent to authenticate himself to my personal machines.
Is there a way to achieve this isolation?
Best Answer
In order to force ssh(1) to use a particular key even if ssh-agent(1) offers multiple ones, use the IdentityFile and IdentitiesOnly directives in ~/.ssh/config, e.g.:
See ssh_config(5) for details.
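
Added example, not part of the original answer: a Host block for jobsrv using the two directives named above, combined with a second agent that holds only the job key. IdentityFile and IdentitiesOnly limit which key ssh offers to jobsrv; what root on jobsrv can reach through forwarding is whatever is loaded in the agent socket that ForwardAgent points at. The key file names, the user name alice and the socket path are constructed for illustration.

```sshconfig
# ~/.ssh/config -- added example; key file names and socket path are constructed.
#
# Per login session (run in a shell), so that the job key lives in its own
# agent and never shares a socket with the personal key:
#   ssh-agent -a /home/alice/.ssh/agent-job.sock
#   SSH_AUTH_SOCK=/home/alice/.ssh/agent-job.sock ssh-add ~/.ssh/id_job
#   ssh-add ~/.ssh/id_personal        # default agent: personal key only

Host jobsrv
    User root
    # Offer only the job key to jobsrv, even if an agent holds others.
    IdentityFile ~/.ssh/id_job
    IdentitiesOnly yes
    # Authenticate against the job-only agent (IdentityAgent: OpenSSH 7.3+).
    IdentityAgent /home/alice/.ssh/agent-job.sock
    # Forward that same job-only agent rather than the default one.
    # The path form of ForwardAgent needs OpenSSH 8.2+; a plain "yes"
    # forwards the agent named by $SSH_AUTH_SOCK, with every key it holds.
    ForwardAgent /home/alice/.ssh/agent-job.sock

# Every other host: no agent forwarding.
Host *
    ForwardAgent no
```

With this block in place, `ssh jobsrv` forwards the job-only agent without -A on the command line, and `ssh-add -l` run on jobsrv should list the job key alone.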