opentofu/communicator
James Bardin 8c8847e1cf sort ssh agent signers by requested id
It's becoming more common for users to have many ssh keys loaded into an
agent, and with the default max auth attempts of an openssh server at 6,
one often needs to specify which id to use in order to avoid a `too many
authentication failures` error.

Add a connection field called `agent_identity` which will function
similarly to the ssh_config IdentityFile when used in conjunction with
an ssh agent. This uses `agent_identity` rather than `identity_file` to
specify that the file is not used directly for authentication, rather
it's used to choose which identity returned from the agent to
authenticate with first.

This feature tries a number of different methods to match the agent
identity. First the provisioner attempts to read the id file and extract
the public key. If that isn't available, we look for a .pub authorized
key file. Either of these will result in a public key that can be
matched directly against the agent keys. Finally we fall back to
matching the comment string exactly, and the id as a suffix. The only
result of using the agent_identity is the reordering of the public keys
used for authentication, and if there is no exact match the client
will still attempt remaining keys until there is an error.
2017-12-26 16:27:18 -05:00
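The reordering the commit message describes, as an added standard-library sketch that is not the code from this repository: `AgentKey`, `rank`, `SortByIdentity` and `SampleKeys` are hypothetical names, the sample keys are constructed, and ranking an exact comment match ahead of a suffix match is an assumption. `wantBlob` stands for the public key read from the id file or its `.pub` file (nil when neither could be read), and `id` is the `agent_identity` string.

```go
package main

import (
	"bytes"
	"fmt"
	"sort"
	"strings"
)

// AgentKey is a hypothetical stand-in for one identity listed by an ssh agent.
type AgentKey struct {
	Blob    []byte // public key in wire format
	Comment string // usually the path or user@host the key was added with
}

// rank scores a key against the requested identity; lower is offered first.
func rank(k AgentKey, wantBlob []byte, id string) int {
	switch {
	case wantBlob != nil && bytes.Equal(k.Blob, wantBlob):
		return 0 // direct public key match
	case k.Comment == id:
		return 1 // exact comment match
	case id != "" && strings.HasSuffix(k.Comment, id):
		return 2 // id is a suffix of the comment
	}
	return 3 // no match: still offered, just later
}

// SortByIdentity returns a reordered copy; no key is dropped or added.
func SortByIdentity(keys []AgentKey, wantBlob []byte, id string) []AgentKey {
	out := append([]AgentKey(nil), keys...)
	sort.SliceStable(out, func(i, j int) bool {
		return rank(out[i], wantBlob, id) < rank(out[j], wantBlob, id)
	})
	return out
}

// SampleKeys builds eight constructed agent entries; the deploy key is last,
// so an unsorted client would reach it only on the eighth attempt.
func SampleKeys() []AgentKey {
	var keys []AgentKey
	for i := 1; i <= 7; i++ {
		keys = append(keys, AgentKey{[]byte{byte(i)}, fmt.Sprintf("user@host%d", i)})
	}
	return append(keys, AgentKey{[]byte{0xAA}, "/home/user/.ssh/deploy_key"})
}

func main() {
	fmt.Println(SortByIdentity(SampleKeys(), nil, "deploy_key")[0].Comment)
}
```

Because the sort is stable and nothing is filtered out, a wrong or unmatched `agent_identity` leaves the agent's original order intact rather than restricting which keys are offered.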
..
remote Adding some abstractions for the communicators 2015-05-01 18:48:54 +02:00
shared provisioners: Allow provisioning over IPv6 2016-09-03 15:45:24 -07:00
ssh sort ssh agent signers by requested id 2017-12-26 16:27:18 -05:00
winrm communicator/winrm: pass cacert option correctly 2017-10-23 13:28:41 -07:00
communicator_mock.go Adding the tests... 2015-05-08 18:17:57 +02:00
communicator_test.go Adding support for WinRM 2015-05-01 18:48:54 +02:00
communicator.go provisioners/file: use the old communicator.New just to minimize risk 2017-01-26 15:03:28 -08:00