On 2020/05/22 15:09, Paul Suh wrote:
>
> On May 22, 2020, at 3:35 AM, Stuart Henderson <s...@spacehopper.org> wrote:
> >
> > On 2020-05-21, Paul Suh <pl...@goodeast.com> wrote:
> >> However, if you are loading multiple keys into ssh-agent and forwarding
> >> keys to other hosts, there doesn’t seem to be a way to select which key
> >> will be presented to the destination by the ssh client.
> >
> > See IdentitiesOnly.
> >
> >> The particular case I’m working with is using git with bitbucket.org,
> >> where user accounts are identified by the key. I have two accounts that
> >> have two different keys, and when I’m logged into another server via ssh I
> >> can only access one BitBucket account since that’s the one whose keys
> >> ssh-agent presents first.
> >
> > You may find it useful to set Host blocks in .ssh/config with
> > IdentityFile, e.g. (untested but I think it's right):
> >
> > IdentitiesOnly yes
> >
> > Host bitbucket-foo
> >     User git
> >     HostName bitbucket.org
> >     IdentityFile ~/.ssh/bb-foo.ed25519
> >     ControlMaster auto
> >     ControlPersist 30
> >     ControlPath /tmp/ssh.bitbucket-foo
> >
> > Host bitbucket-bar
> >     User git
> >     HostName bitbucket.org
> >     IdentityFile ~/.ssh/bb-bar.ed25519
> >     ControlMaster auto
> >     ControlPersist 30
> >     ControlPath /tmp/ssh.bitbucket-bar
>
> Stuart,
>
> Thanks for your kind assistance. Do these go into the .ssh/config file on my
> local host (where I’m physically typing), on the server that I’m connected
> to, or both? I haven’t used the ControlMaster option before.

Ahh I just realised that you might be wanting to use agent-forwarded keys to connect to bitbucket. What I described should work if you have local keys on the server where you run the git commands but it's not using them because it's using a key from the agent that you don't want it to use - but if you're trying to use one of several agent keys then I'm not sure if it will be possible.

ControlMaster is optional but if you're running multiple commands against a server it will keep the session open for a configurable time, so it will avoid some delays (but if you're doing that you will need to make sure it uses a different ControlPath for each separate bitbucket login).
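
An added example, not part of the original messages: ssh_config(5) documents that IdentityFile may name a public key file, in which case ssh uses the matching private key held in ssh-agent, so combined with IdentitiesOnly yes a forwarded agent key can be selected per Host alias on the server. The function name `pin_agent_key`, the key comments `bb-foo`/`bb-bar` and the sample key blobs are constructed for illustration, and key comments are assumed to be single words.

```shell
#!/bin/sh
# Constructed sample of `ssh-add -L` output as seen on the server through a
# forwarded agent. The key blobs are shortened placeholders, not real keys.
SAMPLE_AGENT_KEYS='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDERFOO bb-foo
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDERBAR bb-bar'

# pin_agent_key ALIAS COMMENT DIR   (hypothetical helper)
# Reads `ssh-add -L` style lines on stdin, saves the public key whose comment
# (third field) equals COMMENT to DIR/ALIAS.pub, and prints a Host block that
# restricts ssh to that one identity. No private key touches the server.
pin_agent_key() {
    alias_name=$1
    comment=$2
    dir=$3
    pub="$dir/$alias_name.pub"

    # Pick the first agent key whose comment matches exactly.
    key=$(awk -v c="$comment" '$3 == c { print; exit }')
    if [ -z "$key" ]; then
        echo "no agent key with comment '$comment'" >&2
        return 1
    fi

    printf '%s\n' "$key" > "$pub"

    # IdentitiesOnly stops ssh from offering the other agent keys first;
    # IdentityFile names the public half so the agent supplies the signature.
    cat <<EOF
Host $alias_name
    User git
    HostName bitbucket.org
    IdentityFile $pub
    IdentitiesOnly yes
EOF
}

# Usage on the server, with the agent forwarded:
#   ssh-add -L | pin_agent_key bitbucket-foo bb-foo ~/.ssh >> ~/.ssh/config
#   ssh-add -L | pin_agent_key bitbucket-bar bb-bar ~/.ssh >> ~/.ssh/config
```

Git remotes then use the alias as the host name (for example `bitbucket-foo:` in place of `git@bitbucket.org:`), so each repository selects its own account.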