Proxy SSH agent, that permits access only to a subset of keys

aXe1/ssh-agent-filter-proxy

About

There is an authentication problem when using git over SSH with popular services like GitHub and GitLab. Both require you to connect as the user git, and authentication is done via public key. When you have more than one account at such a service and use separate keys for them, you will be authenticated with the first key you supply, as all keys are valid. This tiny program is designed to filter out access to unnecessary keys in the agent. It is inspired by ssh-agent-filter, but is written in Go and works under Windows.

Status

Currently it is an MVP only. Although it is usable right now, it requires too many manual configuration steps, and it has been tested in only one documented setup: KeePass 2.x, KeeAgent and Git for Windows (formerly msysGit) under Windows 10.

Usage

  1. Follow the KeeAgent installation instructions to set it up, and enable the Create msysGit compatible socket file option.

  2. Manually create a text file somewhere (it will act as a Unix socket for any Cygwin-compatible program) with the following content, and set the system attribute on it:

    !<socket ><tcp_port_num> s <random_guid>
    

    For example (~/.ssh/keeagent-restricted.sock):

    !<socket >52101 s A5520E1E-4D0DDFEF-C8F1089C-34EB0CB3
    
  3. Then run ssh-agent-filter-proxy:

    SSH_AUTH_SOCK=<path_to_keeagent_msysgit_compatible_socket> go run ssh-agent-filter-proxy.go <tcp_port_num> <permitted_key_comment>

    Example:

    SSH_AUTH_SOCK=~/.ssh/keeagent-restricted.sock go run ssh-agent-filter-proxy.go 52101 [email protected]
  4. Now any program that authenticates against an OpenSSH agent can be run as follows, and it will use only the key with the comment you supplied:

    SSH_AUTH_SOCK=<path_to_created_socket_file> ssh -T [email protected]

    Example:

    SSH_AUTH_SOCK=~/.ssh/keeagent-restricted.sock ssh -T [email protected]
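The filtering step a proxy like this performs on the agent's key listing, as an added example (not this project's code, which the page does not show). It assumes the standard SSH agent wire format for SSH_AGENT_IDENTITIES_ANSWER (type 12, key count, then key-blob/comment strings); the function names are hypothetical and the sample blobs and comments are constructed.

```go
package main

import (
	"encoding/binary"
	"fmt"
)

const identitiesAnswer = 12 // SSH_AGENT_IDENTITIES_ANSWER message type

// readString consumes one SSH string (uint32 length + bytes) from b.
func readString(b []byte) (s, rest []byte, ok bool) {
	if len(b) < 4 || uint64(binary.BigEndian.Uint32(b)) > uint64(len(b)-4) {
		return nil, nil, false // length prefix missing or pointing past the data
	}
	end := 4 + uint64(binary.BigEndian.Uint32(b))
	return b[4:end], b[end:], true
}

// appendString appends s to dst as an SSH string.
func appendString(dst, s []byte) []byte {
	dst = append(dst, 0, 0, 0, 0)
	binary.BigEndian.PutUint32(dst[len(dst)-4:], uint32(len(s)))
	return append(dst, s...)
}

// filterIdentities keeps only the blob/comment pairs whose comment matches.
func filterIdentities(body []byte, comment string) ([]byte, error) {
	if len(body) < 5 || body[0] != identitiesAnswer {
		return nil, fmt.Errorf("not an identities answer")
	}
	out, rest, kept := []byte{identitiesAnswer, 0, 0, 0, 0}, body[5:], uint32(0)
	for n := binary.BigEndian.Uint32(body[1:5]); n > 0; n-- {
		blob, r, ok1 := readString(rest)
		c, r, ok2 := readString(r)
		if !ok1 || !ok2 {
			return nil, fmt.Errorf("truncated identities answer")
		}
		if rest = r; string(c) == comment {
			out, kept = appendString(appendString(out, blob), c), kept+1
		}
	}
	binary.BigEndian.PutUint32(out[1:5], kept) // patch in the new key count
	return out, nil
}

func main() { // constructed sample: two placeholder identities, keep "home"
	msg := appendString(appendString([]byte{identitiesAnswer, 0, 0, 0, 2}, []byte("blob-A")), []byte("work"))
	msg = appendString(appendString(msg, []byte("blob-B")), []byte("home"))
	fmt.Println(filterIdentities(msg, "home"))
}
```

Hiding keys from the listing is only half of the restriction: a sign request names its key blob directly, so a filtering proxy should also refuse sign requests for blobs it did not list.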
