SSH-Agent Key Forwarding – Use a Specific Forwarded Key from SSH-Agent


Let's say I have a key for GitHub, along with other keys. I've added lots of keys to my ssh agent (ssh-add -L returns lots of lines) at my home computer A. In my .ssh/config I have set up which key to use with which host, so e.g.

ssh -T -vvv git@github.com 2>&1 | grep Offering

gives

debug1: Offering RSA public key: /Users/doxna/.ssh/id_rsa.github

Only one key is offered, as expected. But then ssh-ing to some host B with ForwardAgent yes and repeating the same command, I get

debug1: Offering RSA public key: /Users/doxna/.ssh/id_rsa.linode2
debug1: Offering RSA public key: /Users/doxna/.ssh/id_rsa.helium
debug1: Offering RSA public key: /Users/doxna/.ssh/id_rsa.github

meaning it tries all my keys. This is problematic since only a limited number of keys can be tried before servers return Too many authentication failures. So I tried editing .ssh/config on host B to include

Host github.com
  IdentityFile /Users/doxna/.ssh/id_rsa.github
  IdentitiesOnly yes

but then I get no key offerings, but rather

debug2: key: /Users/doxna/.ssh/id_rsa.github ((nil))

which I guess means that the key was not found(?). And after all, the key is located at my home computer A, not host B, so the question is how to refer to it at host B? Hope I managed to explain the question.

Best Answer

You got the right idea. The only part you are missing is that the file pointed to by IdentityFile must exist. It does not need to contain a private key; having just the public key available is sufficient.

On host B you can extract the public key from the agent by typing

ssh-add -L | grep /Users/doxna/.ssh/id_rsa.github > ~/.ssh/id_rsa.github.pub

and then point to that file from ~/.ssh/config.
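The steps from the answer above as one script, added here as an example and not part of the original answer: it takes the ssh-add -L listing on stdin, refuses to continue unless exactly one key matches, writes that public key to a file and appends a Host block that pins it. The function name pin_agent_key, the agent_<host>.pub file name and the optional directory argument are assumptions made for this example.

```shell
# Added example. Usage on host B:
#   ssh-add -L | pin_agent_key id_rsa.github github.com
# pin_agent_key is a hypothetical helper; the agent listing is read from
# stdin so the function can be exercised without a running agent.
pin_agent_key() {
    key_match=$1                      # literal text to find in the key comment
    host=$2                           # Host pattern for the ssh config
    ssh_dir=${3:-"$HOME/.ssh"}        # directory for the .pub file and config
    pub="$ssh_dir/agent_${host}.pub"  # assumed file name, any path works
    cfg="$ssh_dir/config"

    # -F: match literally, so the dots in key file names are not wildcards
    matches=$(grep -F -- "$key_match" || true)
    count=$(printf '%s\n' "$matches" | grep -c . || true)
    if [ "$count" -ne 1 ]; then
        # Zero matches: key not in the forwarded agent. Several: ambiguous,
        # and writing them all would offer more than one key again.
        echo "expected exactly 1 matching key in agent, found $count" >&2
        return 1
    fi

    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir"
    printf '%s\n' "$matches" > "$pub"
    chmod 644 "$pub"

    # Leave an existing block for this host alone instead of duplicating it
    if [ -f "$cfg" ] && grep -qxF "Host $host" "$cfg"; then
        echo "Host $host already present in $cfg, not modified" >&2
        return 0
    fi
    {
        printf 'Host %s\n' "$host"
        printf '  IdentityFile %s\n' "$pub"
        printf '  IdentitiesOnly yes\n'
    } >> "$cfg"
    chmod 600 "$cfg"
}
```

Afterwards, ssh -T -vvv git@github.com 2>&1 | grep Offering on host B should list only the pinned key.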