Bk association-specific SSH keypairs?

Is there a (hopefully simple) way to tie an SSH keypair to an arbitrary (remote) repo instance?

If I am doing bk operations on a repo on machine A that needs to push/pull/diff whatever with a related repo on machine B, I’d like to be able to specify an ssh keypair that would be used for these bk-specific communications.

How might I accomplish this?

You can set BK_RSH='ssh -i keyfile' in the environment and I am pretty sure that will do it.

Thanks, Wayne - I knew about that one and we might be able to make it work. My concern about this method is that we’d have to change the variable each time we wanted to switch to a different host. If we could find a way to have bk select the keyfile based on the target host, that might be a lot easier. I’ll say that I don’t know what the right answer is here…

That you can do with the $HOME/.ssh/config file. You set a different IdentityFile for each host.

The identityfile for bk needs to be different from the one used by the user in this case.

It may be that we need to do a much deeper study of the way we’re going to use this to see if we can “make it go” with the ~/.ssh/config file. But what you describe might still be the best way to go.

You can combine the 2 ideas and use BK_RSH='ssh -F my-bk-config'.

Neat - can I get access to the other command-line arguments somehow to know what host bk is trying to contact?

The ssh config file can control most ssh command line options on a per-host basis.

Yes, and in this case the chain of events is:

$ BK_RSH="ssh -F my-bk-config"

$ bk whatever

and when bk evaluates BK_RSH, assuming my-bk-config is sourced in a way that it is exec'd by the shell, then my-bk-config will need to be able to determine the target host (we can probably tell if it’s the local host, if it’s a parent, or if a different host was given on the command line) and choose the correct key that way.

The other way you can do this is with fake hostnames. Add this to $HOME/.ssh/config

Host dev
    HostName myserver.domain.com
    IdentityFile /home/harlan/.ssh/id-ssh-bk

Then do a bk clone ssh://dev/myrepo

When ssh sees the hostname ‘dev’ it will use the special config block.


I’ll give that a shot - thanks a bunch!
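
The two suggestions in this thread (a separate config file passed through BK_RSH='ssh -F ...' and a per-host alias block) combined into one sketch; this is an added example, not code from any poster or from bk. The BK_SSH_CONFIG variable, its default path and the three helper functions are hypothetical names; IdentitiesOnly is an addition so that keys held by ssh-agent (the user's own key) are not offered alongside the bk key, and `ssh -G` prints the resolved options without connecting.

```shell
#!/bin/sh
# Added example. BK_SSH_CONFIG and the bk_* helpers are hypothetical names;
# BK_RSH, the "dev" alias, host and key path come from the thread above.
BK_SSH_CONFIG="${BK_SSH_CONFIG:-$HOME/.ssh/bk-config}"

# Append a Host block: alias -> real host, pinned to one bk-only key.
# IdentitiesOnly stops ssh from also offering keys loaded in ssh-agent.
bk_add_host() {   # usage: bk_add_host ALIAS REAL_HOST KEYFILE
    ( umask 077
      mkdir -p "$(dirname "$BK_SSH_CONFIG")"
      cat >>"$BK_SSH_CONFIG" <<EOF
Host $1
    HostName $2
    IdentityFile $3
    IdentitiesOnly yes
EOF
    )
}

# Print one resolved option for ALIAS without opening a connection.
bk_resolved() {   # usage: bk_resolved ALIAS OPTION (lowercase, as ssh -G prints it)
    ssh -G -F "$BK_SSH_CONFIG" "$1" | awk -v k="$2" '$1 == k { print $2 }'
}

# Succeed only if ALIAS resolves to exactly KEYFILE with IdentitiesOnly on.
# A second identityfile line (for example from a "Host *" block) fails the check.
bk_check_host() { # usage: bk_check_host ALIAS KEYFILE
    [ "$(bk_resolved "$1" identityfile)" = "$2" ] &&
    [ "$(bk_resolved "$1" identitiesonly)" = "yes" ]
}

# Typical use:
#   bk_add_host dev myserver.domain.com /home/harlan/.ssh/id-ssh-bk
#   bk_check_host dev /home/harlan/.ssh/id-ssh-bk &&
#       export BK_RSH="ssh -F $BK_SSH_CONFIG"
#   bk clone ssh://dev/myrepo
```

Because ssh ignores the system-wide configuration file when -F is given, any site-wide settings that the bk connections depend on have to be repeated in this file.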