Good morning, I have one ed25519-sk key (using a hardware token), which I need only on my personal machine for some high security servers (all Debian). This key type is supported by OpenSSH 8.3+. We still have two machines running RHEL 7 which offers OpenSSH 7.2.
There is now an implementation glitch in the agent forwarding. It seems to send all the keys in the ~/.ssh/ dir as a byte stream. It does not check whether the keys are needed or compatible on the server side.
If there is only one incompatible key, there are no keys transferred at all. Not even the compatible ones.
server $ ssh-add -l
error fetching identities for protocol 1: agent refused operation
error fetching identities for protocol 2: invalid format
The agent has no identities.
To be clear, I don't need the ed25519-sk key on the server but I need ForwardAgent to be enabled here because we're using this to access Git repos.
A workaround is to move the ed25519-sk key out of the ~/.ssh/ directory.
Does anybody have an idea how to achieve both of the following?
- Keep the ed25519-sk key on my local machine in the ~/.ssh dir
- Forward all other|compatible keys to the server
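
One way to get both, as an added example that is not part of the original post: run a second agent that holds only the non-FIDO keys and forward that one, while the default agent keeps the ed25519-sk key. The function names, the `--start` switch, the socket path and the host alias `rhel7-host` are assumptions; it relies on the client's `ForwardAgent` option accepting an agent socket path, which recent OpenSSH clients do.

```shell
#!/bin/sh
# Added example (not from the original post). Hypothetical names throughout.

# Print the private-key paths in directory $1 whose public key type is NOT a
# FIDO type. OpenSSH FIDO key types start with "sk-"
# (for example sk-ssh-ed25519@openssh.com).
forwardable_keys() {
    for pub in "$1"/*.pub; do
        [ -f "$pub" ] || continue
        priv=${pub%.pub}
        [ -f "$priv" ] || continue          # .pub without a private key
        # First field of a .pub file is the key type; tolerate a missing
        # trailing newline.
        read -r ktype _ < "$pub" || [ -n "$ktype" ] || continue
        case $ktype in
            sk-*) ;;                        # hardware-backed key: keep local
            *) printf '%s\n' "$priv" ;;
        esac
    done
}

# Start (or reuse) a dedicated agent on socket $1 and load the keys from $2.
start_forward_agent() {
    sock=$1 dir=$2 rc=0
    SSH_AUTH_SOCK=$sock ssh-add -l >/dev/null 2>&1 || rc=$?
    [ "$rc" -ne 0 ] || return 0             # agent is up and already has keys
    if [ "$rc" -eq 2 ]; then                # 2 = no agent on that socket
        rm -f "$sock"
        ssh-agent -a "$sock" >/dev/null
    fi
    # Collect the paths as arguments so ssh-add keeps the terminal as stdin
    # and can prompt for passphrases.
    set --
    while IFS= read -r key; do
        if [ -n "$key" ]; then set -- "$@" "$key"; fi
    done <<EOF
$(forwardable_keys "$dir")
EOF
    [ $# -eq 0 ] || SSH_AUTH_SOCK=$sock ssh-add "$@"
}

if [ "${1:-}" = "--start" ]; then
    start_forward_agent "$HOME/.ssh/forward-agent.sock" "$HOME/.ssh"
fi
# Afterwards, forward only the dedicated agent to the old server:
#   ssh -o "ForwardAgent=$HOME/.ssh/forward-agent.sock" rhel7-host
```

Authentication to the server itself still goes through the default agent or key files; only the forwarded socket changes.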