ssh-ident

A command line interface for selecting identity and listing identities and keys.

Open mc0e opened this issue 8 years ago • 10 comments

This project is heading in a good direction, but I'm not entirely happy with the ways the identity is selected. I'd like to be able to issue a command to select which identity I want to use. I'd also like to be able to list identities, and the keys loaded in them. I'm imagining something like the following:

# switch to using the 'work' identity.  This probably needs a bash alias
ssh-ident work
# without the alias we'd need to source the output of a command (or set an environment var)
`ssh-ident work`

# interactive selection ?
ssh-ident -i

# with no arguments, list known identities
ssh-ident

# list the loaded keys of the current identity (presumably needs an aliased ssh-add command)
ssh-add -L

ssh-ident work would output shell commands, which in turn would set and export environment variables. There could be an environment variable naming the identity, caught later by ssh-ident, or environment variables for consumption by openssh could be set (e.g. SSH_AUTH_SOCK).

I've chosen to address ssh-ident directly by its own name for setting the identity, which means putting the executable or a symlink with that name in the path. I figure ssh-ident could also get a couple of extra bits of functionality like listing the identities it knows about, whether they are running, and what keys are loaded.

mc0e, May 19 '16 14:05

Agreed, currently the way that identities are selected is fuzzy and prone to error. I think ssh-ident should be split into separate scripts:

  • ssh-ident which remains as a script that auto detects identities and the binary to run
  • ssh-ident-exec which can be used to execute a program in a specific identity/agent context (and could be used internally by ssh-ident instead of RunShellCommandInAgent)
  • ssh-ident-ctl which can be used for the cases that you have mentioned, I would be in favor of using subcommands:
    • ssh-ident-ctl list to list identities available, agent status, keys loaded (depending on parameters)
    • ssh-ident-ctl load <identity> to either load the agent file into the shell, or set an environment variable such as SSH_IDENTITY that would have to be compatible with both ssh-ident and ssh-ident-ctl
    • ssh-ident-ctl inspect <identity> to list details of an identity, such as keys available, which keys are loaded and agent status/pid/socket
    • ssh-ident-ctl kill-agent <identity> to kill the agent of the given identity

I believe that trying to squeeze more functionality into the ssh-ident script itself is going to make it even more monolithic than it already is, and reduce maintainability.

s1kx, Aug 25 '16 23:08

@mc0e @s1kx I've implemented the basic idea in #37

bendikro, Apr 03 '17 15:04

Accessing the ssh-agent of an identity can be done by just sourcing the related environment file of the wanted identity. Same as using pure ssh-agent where you also have to make sure to have the correct environment variables set. I use a subshell to not pollute my normal environment.

( . ~/.ssh/agents/agent-<identity>-${HOSTNAME} >/dev/null 2>/dev/null; /usr/bin/ssh-add -l; )

P.S.: I'm currently implementing an ssh-add wrapper functionality in my fork, which allows using ssh-add -i <identity> ...

maddes-b, Jan 11 '21 21:01
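
The subshell approach from the comment above, wrapped into functions that list identities and their loaded keys; this is an added example, not code from the thread or from ssh-ident. It assumes each agent file holds unmodified `ssh-agent` output, and it reads `SSH_AUTH_SOCK` from the file with `sed` instead of sourcing it, after checking that the file is owned by the caller and not group- or world-writable. The function names and the `AGENTS_DIR`/`AGENT_HOST` variables are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: names and layout below are assumptions, not ssh-ident code.
AGENTS_DIR="${AGENTS_DIR:-$HOME/.ssh/agents}"         # directory from the comment above
AGENT_HOST="${AGENT_HOST:-${HOSTNAME:-$(hostname)}}"  # filename suffix

# Print one identity name per agent-<identity>-<host> file.
list_identities() {
  local f name
  for f in "$AGENTS_DIR"/agent-*-"$AGENT_HOST"; do
    [ -f "$f" ] || continue            # unmatched glob stays literal; skip it
    name="${f##*/}"                    # strip the directory part
    name="${name#agent-}"              # strip the fixed prefix
    printf '%s\n' "${name%-$AGENT_HOST}"
  done
}

# Print the agent socket path recorded for an identity.
# The file is parsed, never executed: sourcing it would run whatever shell
# code it contains, so a tampered file must not reach the interpreter.
agent_socket() {
  local f="$AGENTS_DIR/agent-$1-$AGENT_HOST"
  [ -f "$f" ] && [ -O "$f" ] || return 1     # must exist and be owned by us
  # Refuse files that group or others can write to.
  [ -z "$(find "$f" \( -perm -020 -o -perm -002 \))" ] || return 1
  sed -n 's/^SSH_AUTH_SOCK=\([^;]*\);.*/\1/p' "$f" | head -n 1
}

# List the keys loaded in an identity's agent without touching the
# caller's own SSH_AUTH_SOCK (the variable is set for ssh-add only).
identity_keys() {
  local sock
  sock="$(agent_socket "$1")" || return 1
  [ -S "$sock" ] || { echo "no running agent for '$1'" >&2; return 1; }
  SSH_AUTH_SOCK="$sock" ssh-add -l
}
```

Typical use is `for i in $(list_identities); do echo "== $i"; identity_keys "$i"; done`.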

Have a look at my fork at https://github.com/ssh-ident/ssh-ident1. There I extended ssh-ident to recognize ssh-agent/ssh-add and add a virtual parameter -i <identity>

maddes-b, Jan 23 '21 21:01

@maddes-b said:

> Have a look at my fork at https://github.com/maddes-b/ssh-ident There I extended ssh-ident to recognize ssh-agent/ssh-add and add a virtual parameter -i <identity>

Is that a work-in-progress fork, or are you taking your project in a separate direction?

I.e. Are those changes likely to be merged here?

mc0e, May 29 '21 10:05

> Accessing the ssh-agent of an identity can be done by just sourcing the related environment file of the wanted identity. Same as using pure ssh-agent where you also have to make sure to have the correct environment variables set. I use a subshell to not pollute my normal environment. ( . ~/.ssh/agents/agent-<identity>-${HOSTNAME} >/dev/null 2>/dev/null; /usr/bin/ssh-add -l; )
>
> P.S.: I'm currently implementing an ssh-add wrapper functionality in my fork, which allows using ssh-add -i <identity> ...

This is really useful, as it gives me a way to use the desired agent that is more likely to work when using software that uses the ssh protocol via libraries rather than accessing the binary.

mc0e, May 29 '21 11:05

Intention is to go for a ssh-ident3. Still have to settle the development structure. It will be developed under GitHub organization 'ssh-ident' to allow building a team.

maddes-b, May 29 '21 13:05

Moved to https://github.com/ssh-ident/ssh-ident1

SSH_ADD_OPTIONS got a little bit more advanced.

maddes-b, Jan 10 '22 16:01

Updated fork:

Add virtual parameter -I (uppercase) for ssh-agent and ssh-add to also load keys

* For ssh-add/ssh-agent add first virtual parameter -I (uppercase) which also loads keys
* Enhance README with new functionality and its usages
* Enhance README with troubleshooting section

maddes-b, Jan 15 '22 21:01

Intention is to go for a ssh-ident2. Still have to settle the development structure. It will be developed under GitHub organization 'ssh-ident' to allow building a team.

There's a work-in-progress(!) where I implemented dumping the config. Listing identities will be next, before doing the ssh wrapper stuff. https://github.com/ssh-ident/ssh-ident3/tree/feature/build-code-basis

maddes-b, Jan 25 '22 15:01