jirsbek/SSH-keys-in-macOS-Sierra-keychain

multiple identities

plueschi opened this issue · 4 comments

When using agent forward to connect with one key to a bastion server and then with different keys to other servers the sequence of keys in the ssh_config file is important.
e.g.:

Host *
IdentityFile ~/.ssh/KEY_1.pem
IdentityFile ~/.ssh/KEY_2.pem
IdentityFile ~/.ssh/KEY_3.pem
AddKeysToAgent yes
UseKeychain yes
ForwardAgent yes

If the first server I am connecting to already authenticates with KEY_1.pem, the others do not get added to the ssh-agent. To achieve that I had to switch the order to:

Host *
IdentityFile ~/.ssh/KEY_2.pem
IdentityFile ~/.ssh/KEY_3.pem
IdentityFile ~/.ssh/KEY_1.pem
AddKeysToAgent yes
UseKeychain yes
ForwardAgent yes

which then allowed me to have all 3 identities added to the ssh agent.

Your config is really bad; you should split every key into a separate host.

Host a
    HostName abc.com
    IdentityFile ~/.ssh/KEY_1.pem
    AddKeysToAgent yes
    UseKeychain yes
    ForwardAgent yes

Host b
    HostName def.com
    IdentityFile ~/.ssh/KEY_2.pem
    AddKeysToAgent yes
    UseKeychain yes
    ForwardAgent yes

Host c
    HostName ghi.com
    IdentityFile ~/.ssh/KEY_3.pem
    AddKeysToAgent yes
    UseKeychain yes
    ForwardAgent yes

I am not sure if I understand - I can only connect to host b when connected to host a. What you are proposing is not working in that case, or do I miss something?
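The behaviour behind the original report is that `AddKeysToAgent` only adds a key at the moment ssh actually loads it from disk to sign, i.e. the key the server accepted; keys listed under `Host *` are offered in order and the first accepted one ends the exchange, so the others never reach the agent. The following ssh_config is an added example (not from this issue or from the repository) that keeps one key per host as suggested above while still supporting the bastion case: instead of `ForwardAgent`, the internal hosts are reached with `ProxyJump`, so the local client authenticates end to end to each server with that server's key, every key is added to the agent as it is used, and the bastion never gets access to the agent socket. Host names, IP addresses, user and key file names are placeholders.

```ssh_config
# Added example, not part of the original issue or repository.
# All host names, addresses and key file names below are placeholders.

# The bastion is the only host reached directly.
Host bastion
    HostName bastion.example.com
    User jump
    IdentityFile ~/.ssh/KEY_1.pem
    IdentitiesOnly yes      # offer only this key, not every key the agent holds
    AddKeysToAgent yes      # KEY_1 is added to the agent once it has been used
    UseKeychain yes         # macOS-specific: passphrase from the keychain

# Internal hosts are reached through the bastion with ProxyJump (OpenSSH 7.3+).
# ssh opens a second, end-to-end SSH connection tunnelled via the bastion, so
# KEY_2 / KEY_3 are used by the local client (and added to the agent), and no
# ForwardAgent is needed: the bastion only forwards TCP, it never sees the agent.
Host internal-b
    HostName 10.0.0.2
    ProxyJump bastion
    IdentityFile ~/.ssh/KEY_2.pem
    IdentitiesOnly yes
    AddKeysToAgent yes
    UseKeychain yes

Host internal-c
    HostName 10.0.0.3
    ProxyJump bastion
    IdentityFile ~/.ssh/KEY_3.pem
    IdentitiesOnly yes
    AddKeysToAgent yes
    UseKeychain yes

# Equivalent for OpenSSH releases older than 7.3, where ProxyJump does not exist:
# replace the ProxyJump line with
#     ProxyCommand ssh -W %h:%p bastion
```

After `ssh internal-b`, `ssh-add -l` lists both KEY_1 (used for the bastion hop) and KEY_2 (used for the internal host); `ssh -v internal-b` shows which identity was offered and accepted on each hop. With `IdentitiesOnly yes` each server sees exactly one public key, which also avoids hitting the server's authentication-attempt limit as the number of keys grows.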

inoas commented

But how to add multiple identities to Host *?