Posted by Nico Kadel-Garcia on February 19, 2015, 2:41 am
It's been years since I was active on comp.security.ssh: I still do backports of OpenSSH builds for current RHEL builds over at https://github.com/nkadel/nkadel-openssh-portable, and I've more recently published a new chroot cage building kit for rssh over at https://github.com/nkadel/rssh-chroot-tools. So I hope I still have some credit here for getting some help.
I've got a jenkins and gforge build server to deal with, and I'd like to use individual SSH keys for individual projects to do builds. Since all the builds on the same server would be talking to github.com, it's easy to set up a single key in the ~gforge/.ssh/config to use one key for github.com. But it's not easy to use the same read-only "deploy" key this way for multiple projects: github.com prevents the use of the same "deploy" key for multiple repositories, and trying to stuff distinct keys for individual github.com projects into $HOME/.ssh/config would mean playing DNS CNAME or /etc/hosts games to provide a different apparent github.com alias for each project.
I really, really do not want to do that!!
Has anyone gotten Jenkins or Gforge to activate only a single SSH key for a single project, gracefully, so I can use github.com deploy keys this way without touching $HOME/.ssh/config? I'm thinking I can set up GIT_SSH wrappers for individual keys, but that could also get pretty odd pretty quickly.
Re: github.com deploy keys for individual products on a jenkins or gforge server
Well, not an answer to your actual question, but AFAIK you don't need to
do that, i.e. have unique mappings server -> private key. You should be
able to simply have multiple IdentityFile option settings, with the
client trying them in sequence. You still need to store the keys of
course, and I believe there will be some delay in the authentication
procedure as the keys are tried, but it may be acceptable.
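A sketch of the per-project GIT_SSH wrapper idea raised in the question, as an added example that is not code from either poster. The function name `make_git_ssh_wrapper` and all paths are hypothetical; it assumes OpenSSH's `ssh` is on PATH and that github.com's host key is already in the build user's known_hosts.

```shell
#!/bin/sh
# Added example: generate one GIT_SSH wrapper per project so each build
# offers exactly one deploy key. Names and paths are hypothetical.

# make_git_ssh_wrapper KEY WRAPPER
# Writes WRAPPER, a script git can run through GIT_SSH, that uses only KEY.
make_git_ssh_wrapper() {
    key=$1
    wrapper=$2
    if [ ! -r "$key" ]; then
        echo "deploy key not readable: $key" >&2
        return 1
    fi
    # Escape single quotes so the key path embeds safely in the script.
    quoted=$(printf '%s' "$key" | sed "s/'/'\\\\''/g")
    (
        umask 077   # wrapper is created readable by the build user only
        cat > "$wrapper" <<EOF
#!/bin/sh
# -F /dev/null       ignore ~/.ssh/config, so no Host aliases are needed
# IdentitiesOnly=yes offer only this key, not agent or default keys
# BatchMode=yes      fail instead of prompting in an unattended build
exec ssh -F /dev/null -i '$quoted' -o IdentitiesOnly=yes -o BatchMode=yes "\$@"
EOF
    ) || return 1
    chmod 700 "$wrapper"
}

# Usage in a build step (constructed paths and repository name):
#   make_git_ssh_wrapper "$HOME/keys/projA_deploy" "$HOME/bin/git-ssh-projA"
#   GIT_SSH="$HOME/bin/git-ssh-projA" git clone git@github.com:example/projA.git
```

git runs the program named in GIT_SSH with the host and remote command as arguments, so the wrapper has to pass `"$@"` through unchanged.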