# Allow user to select a single SSH key when a list of keys is requested by a client program #38

opened this Issue Feb 28, 2013 · 15 comments

### xchs commented Feb 28, 2013

 Would you consider adding an additional option to the KeeAgent plugin settings to enable/disable the KeeAgent behavior and interaction for a multiple SSH key request? That said, the plugin should pop up a dialog box when a list of SSH keys is requested that will let you choose which keys are fetched. For instance, it could be useful for (developing) environments with multiple identities (work / private) and therefore different SSH keys for each of them. In the meantime, thank you very much!

### dlech commented Jul 9, 2013

I started working on this, but I think that I am not going to do this after all. Here is the reasoning.

- It will only work in Agent Mode, not Client Mode.
- It will cause a lockup for anyone who uses sftp via IOProtocolExt (another KeePass plugin).
- You can work around this issue by manually loading and unloading keys using the KeeAgent manager.

I am leaving the issue open though in case anyone wants to try to persuade me otherwise.

### xchs commented Jul 9, 2013

 Thank you anyway!

### elieux commented Nov 25, 2013

 I propose adding a function to reorder the keys. The limit differs among servers, so if I put the keys for the more stringent servers to the top, I can avoid the errors.

### mvenghaus commented Jan 15, 2014

Please add folders to the Key Form, and integrate a dropdown in the KeePass toolbar to select the current workset (folder).

### solntcev commented Apr 10, 2014

KeePass has an "ssh://" protocol to run PuTTY from the URL field. Could KeeAgent trace such URLs and filter keys by some settings in the entry with the ssh URL?

### dlech commented Apr 22, 2014

I have implemented something like what @solntcev suggested. Don't have documentation on the website yet, but here are the basics.

There is a new option for each individual password entry to save a SSH key file to a temporary file on your hard drive when the key is loaded into the agent. I also added some placeholders so that you can find where this file got saved.

- `{KEEAGENT:KEYFILEPATH}` returns the full path, e.g. `C:\path\to\keyfile.ppk`
- `{KEEAGENT:IDENTFILEOPT}` returns the identity file command line option that is used by both PuTTY.exe and ssh, e.g. `-i "C:\path\to\keyfile.ppk"`

So, you can set up a URL override [Tools > Options > Integration (tab) > URL Scheme Overrides... (button)] for ssh like this:

```
cmd://"C:\Program Files (x86)\PuTTY\PuTTY.exe" -ssh {USERNAME}@{URL:RMVSCM} {KEEAGENT:IDENTFILEOPT}
```

Be sure to uncheck the existing built-in override for ssh. This will tell PuTTY to use only this key file for connecting. ssh uses the same command line option, so this should work on Linux too.

### dlech commented Apr 22, 2014

 Forgot to mention, this is in v0.5.0 (beta) which I just posted on http://lechnology.com/software/keeagent

### dlech commented Nov 19, 2014

 I have made changes released in v0.5.4 to work around the problem that this issue was trying to solve, but in a different way (see #81). I think that there is no longer a need for something like what is proposed in this issue, so I'm closing the issue.

### elieux commented Nov 19, 2014

I'd like to continue the discussion. I open SSH sessions directly from PuTTY, rather than from KeePass, so the new features from #81 don't solve my issue. Should I file a new issue for this (or do you hang out on IRC or somewhere)?

### dlech commented Nov 20, 2014

If you think that the solution proposed in the first comment here is the best solution, then I will reopen the issue and we can discuss it some more. If you have a new idea, then please open a new issue.

### elieux commented Nov 20, 2014

 I don't really know, therefore continuing in #90.

### dlech commented Jun 6, 2015

Based on the discussion in #90, I am reopening this issue. I think there is more of a need for this than I thought.

### dlech added a commit to dlech/SshAgentLib that referenced this issue Jul 11, 2015

 Add callback for filtering the list of keys returned by the agent. 
This is used in response to a request identities message.

Issue dlech/KeeAgent#38
 fef749f 

### dlech added a commit to dlech/SshAgentLib that referenced this issue Jul 11, 2015

 Add a KeyPicker dialog. 
This is intended to be used by the KeyFilterCallback.

Issue dlech/KeeAgent#38
 6fa8f01 

### dlech added a commit that referenced this issue Jul 11, 2015

Add option to allow user to select keys in response to request identities.

This works in Agent mode only. When a client program requests a list of
available keys, if more than one key is available a dialog is shown to allow
the user to select which key(s) should be returned. This is useful when
the user has a large number of keys. For example, openssh server only allows
6 keys to be returned by default.

Issue dlech/KeeAgent#38.
 8f72ed9 
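
The filtering step these commit messages describe, sketched as an added example (not code from KeeAgent or SshAgentLib): an agent answers a request-identities message, and a callback narrows the key list before it is sent to the client. The `key_filter` signature, `pick_key_8` and the sample keys are assumptions made for illustration; the message numbers come from the SSH agent protocol draft.

```python
import struct

# Message numbers from the SSH agent protocol (draft-miller-ssh-agent).
SSH_AGENT_FAILURE = 5
SSH_AGENTC_REQUEST_IDENTITIES = 11
SSH_AGENT_IDENTITIES_ANSWER = 12

def ssh_string(data: bytes) -> bytes:
    """Length-prefixed byte string: uint32 big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def handle_request(request: bytes, keys, key_filter=None) -> bytes:
    """Answer one framed agent request. keys is a list of (blob, comment)."""
    if request != ssh_string(bytes([SSH_AGENTC_REQUEST_IDENTITIES])):
        return ssh_string(bytes([SSH_AGENT_FAILURE]))
    # As in the commit message: only ask when more than one key is available.
    if key_filter is not None and len(keys) > 1:
        chosen = key_filter(list(keys))
        # The callback may only narrow the list, never add to or reorder it.
        keys = [k for k in keys if k in chosen]
    body = bytes([SSH_AGENT_IDENTITIES_ANSWER]) + struct.pack(">I", len(keys))
    for blob, comment in keys:
        body += ssh_string(blob) + ssh_string(comment.encode())
    return ssh_string(body)

def parse_identities_answer(msg: bytes):
    """Client side: decode an IDENTITIES_ANSWER into [(blob, comment), ...]."""
    (length,) = struct.unpack(">I", msg[:4])
    body = msg[4:]
    if len(body) != length or length < 5 or body[0] != SSH_AGENT_IDENTITIES_ANSWER:
        raise ValueError("not a well-formed identities answer")
    (count,) = struct.unpack(">I", body[1:5])
    pos, out = 5, []
    for _ in range(count):
        fields = []
        for _ in range(2):  # key blob, then comment
            (n,) = struct.unpack(">I", body[pos:pos + 4])
            fields.append(body[pos + 4:pos + 4 + n])
            pos += 4 + n
        out.append((fields[0], fields[1].decode()))
    return out

# Constructed sample data: eight placeholder blobs, not real public keys.
LOADED = [(b"blob-%d" % i, "key-%d" % i) for i in range(1, 9)]
REQUEST = ssh_string(bytes([SSH_AGENTC_REQUEST_IDENTITIES]))

def pick_key_8(keys):  # hypothetical stand-in for the user's dialog choice
    return [k for k in keys if k[1] == "key-8"]

if __name__ == "__main__":
    print(len(parse_identities_answer(handle_request(REQUEST, LOADED))))
    print(parse_identities_answer(handle_request(REQUEST, LOADED, pick_key_8)))
```

Without the filter, the client is offered all eight keys and the one it needs is last in the list; with it, only that key is disclosed.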

### dlech commented Jul 11, 2015

I've made an attempt to implement this feature. Let me know how it works for you. http://lechnology.com/2015/07/keeagent-beta-v0-7-4-released/

### dlech commented Jul 11, 2015

 Please open a new issue for any problems or further enhancements.

### addshore commented Sep 11, 2015

 I'd just like to say that I just ran into this issue when using ProxyCommand! Previously the first key retrieved would be correct, the second key would then for some reason be incorrect thus my ProxyCommand would never succeed. I am on 0.7.5 now and I assume the option you are talking about is the "show key selection dialog" which I am now using to solve my issue above with ProxyCommand and it works a treat!

