<br><br>
<div class="gmail_quote">On Tue, Aug 24, 2010 at 8:58 AM, Vincent Ladeuil <span dir="ltr"><<a href="mailto:v.ladeuil%2Blp@free.fr">v.ladeuil+lp@free.fr</a>></span> wrote:<br>
<blockquote style="BORDER-LEFT: #ccc 1px solid; MARGIN: 0px 0px 0px 0.8ex; PADDING-LEFT: 1ex" class="gmail_quote">
<div class="im">>>>>> Maritza Mendez <<a href="mailto:martitzam@gmail.com">martitzam@gmail.com</a>> writes:<br><br></div>
<div class="im"> > On Mon, Aug 23, 2010 at 3:42 AM, John Barstow <<a href="mailto:jbowtie@amathaine.com">jbowtie@amathaine.com</a>> wrote:<br> >> But certainly it's a good general solution and should be documented<br>
>> (in the same place where we say passwords in authentication.conf are<br> >> ignored over ssh).<br> >><br> >><br><br></div><snip/><br>
<div class="im"><br> > I also thought that it would be nice to have authentication.conf<br> > either contain or point to my private key.<br><br></div>Here is an excerpt of one of my ~/.ssh/config files:<br><br>
,----<br>| IdentityFile ~/.ssh/vila@home<br>| Host freebsd7.local<br>| IdentityFile ~/.ssh/hudson@master<br>| User babune<br>| ForwardAgent yes<br>| Host freebsd8.local<br>| IdentityFile ~/.ssh/hudson@master<br>
| User babune<br>| ForwardAgent yes<br>`----<br><br>Depending on the host I'm connecting to, different keys are used. Note<br>that this particular configuration totally avoids the default keys<br>(id_rsa or id_dsa from memory).<br>
<br>Once a day, I have to enter the password for each key I use and then I'm<br>free to connect transparently.<br><br>In terms of user experience, it's like swiping your access card when you<br>start working in the morning and be done with it for the whole<br>
day... hard to do better.<br>
<div class="im"><br> > I was trying to avoid setting up a Windows replacement for<br> > ssh-agent of course. But then I started thinking... bzr should<br> > not really need to know any more about protocols than absolutely<br>
> necessary to be a consumer of protocols.<br><br></div>Exactly.<br><br>I'm not familiar enough with Windows to tell, but on every other<br>platform I use daily, ssh-agents just work out of the box and<br>~/.ssh/config covers 99% of my needs.<br>
<br>The trick is to define a key for each role at which point the concept<br>becomes very close to the physical keys we use in the real world.<br><br>There are still edge cases where I want two different keys to open the<br>
exact same door but I can live with that so far (i.e. using the "wrong"<br>key still opens the door and I'm still seen as the "right" key holder).<br><font color="#888888"><br> Vincent<br></font></blockquote>
</div>
<p><br> </p>
<div>Vincent, those are all excellent observations. I am not sure how to map IdentityFile to the Windows platform in general. But it may help some people to know that pageant (the PuTTY version of ssh agent) can load and serve multiple private keys simultaneously.</div>
<div> </div>
<div>Your physical key analogy is a good way to think!</div>
<div> </div>
<div>M</div>