Feature Request: SSH agent forward key settings

[mangas]

I would like to request an option on the host to enable Agent forwarding by default with the key already added to it.

Currently it is necessary to call ssh-add KEY_NAME and then ssh -a HOST.

Would be great to just either have the relevant ssh key added to the agent by default or have an option per host to select keys to forward. (forwarding all is also ok, prolly worth having a setting to disable it).

[carloscabanero]

Last time I took a look at this I blocked it because we wanted to do it following what the standard .ssh/config file format would dictate. There is the AddKeysToAgent flag, and that would add the IdentityFile keys (https://man7.org/linux/man-pages/man5/ssh_config.5.html). I’m not completely sold on that, as I usually separate my keys and do not want a “login” key to then make it to the other side in a “generic” way.

We could provide our own interface and corresponding config file to even have different “agents” for different sets of hosts, etc…

At the same time, there are changes coming up to the OpenSSH Agent itself (ie https://www.openssh.com/agent-restrict.html), so for now we thought it may make sense to wait and see what they come up with as well.

Please leave us your thoughts!

[mangas]

@carloscabanero I've tried to set AddKeyToAgent on the host config and it didn't work, I see the key in ssh-add -l but the agent doesn't sign the requests.

On the point of having finer control over the keys, I think the app should not impose the use of a "login" key and make mandatory to have it available on the host. I think the main goal here is to provide a more efficient flow for a specific use case. You'd still be able to use your flow while supporting a simpler flow for whoever wants to buy into it.

In any case I'm happy to use a configuration like AddKeysToAgent and I agree sticking to the standards would be ideal although so far I've not been able to configure the keys for automatic import, always need to add the keys manually before ssh.

[carloscabanero]

We have improved this now on 17.3.0, the default agent now has a special configuration. Please check out https://docs.blink.sh/advanced/advanced-ssh#ssh-agent-and-agent-forwarding For more information!