Open mc0e opened 8 years ago
Agreed, currently the way that identities are selected is fuzzy and prone to error. I think ssh-ident should be split into separate scripts:
* ssh-ident which remains as a script that auto detects identities and the binary to run
* ssh-ident-exec which can be used to execute a program in a specific identity/agent context (and could be used internally by ssh-ident instead of RunShellCommandInAgent)
* ssh-ident-ctl which can be used for the cases that you have mentioned, I would be in favor of using subcommands:
  * ssh-ident-ctl list to list identities available, agent status, keys loaded (depending on parameters)
  * ssh-ident-ctl load <identity> to either load the agent file into the shell, or set an environment variable such as SSH_IDENTITY that would have to be compatible with both ssh-ident and ssh-ident-ctl
  * ssh-ident-ctl inspect <identity> to list details of an identity, such as keys available, which keys are loaded and agent status/pid/socket
  * ssh-ident-ctl kill-agent <identity> to kill the agent of the given identity
I believe that trying to squeeze more functionality into the ssh-ident script itself is going to make it even more monolithic than it already is, and reduce maintainability.
Accessing the ssh-agent of an identity can be done by just sourcing the related environment file of the wanted identity.
Same as using pure ssh-agent where you also have to make sure to have the correct environment variables set.
I use a subshell to not pollute my normal environment.
( . ~/.ssh/agents/agent-<identity>-${HOSTNAME} >/dev/null 2>/dev/null; /usr/bin/ssh-add -l; )
P.S.: I'm currently implementing an ssh-add wrapper functionality in my fork, which allows to use ssh-add -i <identity> ...
Have a look at my fork at https://github.com/ssh-ident/ssh-ident1
There I extended ssh-ident to recognize ssh-agent/ssh-add and add a virtual parameter -i <identity>
@maddes-b said:
Have a look at my fork at https://github.com/maddes-b/ssh-ident
There I extended ssh-ident to recognize ssh-agent/ssh-add and add a virtual parameter -i <identity>
Is that a work-in-progress fork, or are you taking your project in a separate direction?
I.e. Are those changes likely to be merged here?
Accessing the ssh-agent of an identity can be done by just sourcing the related environment file of the wanted identity. Same as using pure ssh-agent where you also have to make sure to have the correct environment variables set. I use a subshell to not pollute my normal environment.
( . ~/.ssh/agents/agent-<identity>-${HOSTNAME} >/dev/null 2>/dev/null; /usr/bin/ssh-add -l; )
P.S.: I'm currently implementing an ssh-add wrapper functionality in my fork, which allows to use ssh-add -i <identity> ...
This is really useful, as it gives me a way to use the desired agent that is more likely to work when using software that uses the ssh protocol via libraries rather than accessing the binary.
Intention is to go for a ssh-ident3. Still have to settle the development structure. It will be developed under GitHub organization 'ssh-ident' to allow building a team.
Moved to https://github.com/ssh-ident/ssh-ident1
SSH_ADD_OPTIONS got a little bit more advanced.
Updated fork:
Add virtual parameter -I (uppercase) for ssh-agent and ssh-add to also load keys
* For ssh-add/ssh-agent add first virtual parameter -I (uppercase) which also loads keys
* Enhance README with new functionality and its usages
* Enhance README with troubleshooting section
Intention is to go for a ssh-ident2. Still have to settle the development structure. It will be developed under GitHub organization 'ssh-ident' to allow building a team.
There's a work-in-progress(!) where I implemented dumping the config. Listing identities will be next, before doing the ssh wrapper stuff. https://github.com/ssh-ident/ssh-ident3/tree/feature/build-code-basis
This project is heading in a good direction, but I'm not entirely happy with the ways the identity is selected. I'd like to be able to issue a command to select which identity I want to use. I'd also like to be able to list identities, and the keys loaded in them. I'm imagining something like the following:
ssh-ident work
would output shell commands, which in turn would set and export environment variables. There could be an environment variable naming the identity, caught later by ssh-ident, or environment variables for consumption by openssh could be set (e.g. SSH_AUTH_SOCK).
I've chosen to address ssh-ident directly by its own name for setting the identity, which means putting the executable or a symlink with that name in the path. I figure ssh-ident could also get a couple of extra bits of functionality like listing the identities it knows about, whether they are running, and what keys are loaded.
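As an added example (not code from ssh-ident, its forks, or any commenter in this thread): shell functions for the list/inspect idea discussed above that read SSH_AUTH_SOCK out of an agent file instead of sourcing it, so nothing in the file is ever executed. The function names are hypothetical, and the code assumes the agent-<identity>-<hostname> file naming shown in the thread and that each file holds ssh-agent's Bourne-shell output.

```shell
#!/bin/sh
# Added example, not part of ssh-ident. Function names are hypothetical.
# Assumption: an agent file contains ssh-agent's Bourne-shell output, e.g.
#   SSH_AUTH_SOCK=/tmp/ssh-abc/agent.123; export SSH_AUTH_SOCK;

# Print the socket path recorded in agent file $1 without executing the file.
# Fails if the file is not a private regular file or has no usable value.
agent_sock_from_file() {
    file=$1
    [ -f "$file" ] && [ ! -L "$file" ] || return 1   # regular file, not a symlink
    [ -O "$file" ] || return 1                       # owned by the current user
    # Refuse files that group or others can write to.
    [ -z "$(find "$file" \( -perm -020 -o -perm -002 \))" ] || return 1
    # Take only the assignment; any other line in the file is ignored.
    sock=$(sed -n 's/^SSH_AUTH_SOCK=\([^;]*\);.*/\1/p' "$file" | head -n 1)
    case $sock in
        /*) printf '%s\n' "$sock" ;;                 # must be an absolute path
        *)  return 1 ;;
    esac
}

# List identity names found in agent directory $1 for hostname $2.
list_identities() {
    dir=$1
    host=$2
    for f in "$dir"/agent-*-"$host"; do
        [ -f "$f" ] || continue
        name=${f##*/agent-}
        printf '%s\n' "${name%-"$host"}"
    done
}

# Show the keys loaded in the agent of identity $2 (directory $1, hostname $3).
# SSH_AUTH_SOCK is set for this one command only, so the caller's
# environment is left untouched.
keys_for_identity() {
    sock=$(agent_sock_from_file "$1/agent-$2-$3") || return 1
    SSH_AUTH_SOCK=$sock ssh-add -l
}
```

For example, `keys_for_identity ~/.ssh/agents work "$(hostname)"` lists the keys of the "work" identity, where "work" is the identity name used in the issue text.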