Running ssh-add on a Remote Host
I learned something new today. It’s not earth-shattering, but it was news to me.
I have a standard SSH authorized_keys file that I install on all the machines I manage or use. That file contains a couple different public keys, one corresponding to the private key on my work laptop and one to that on my Mac at home.
Today, I was working at home, so I was using my home Mac, with its SSH private key loaded into the SSH agent. A colleague asked me to make a change to a git repository, but that repo has an odd configuration and only knows about my work-laptop keypair.
My laptop was still running at work, so I logged into it thinking that I’d just do the operation from the laptop, manually using its keypair.
On a lark, I ran ssh-add after logging into the laptop. Lo and behold, that key showed up in the agent on my home machine! I didn’t have to do the work on my laptop; I was able to do it all at home with my work key.
The lesson is, be careful where you run ssh-add. You may end up loading a remote key into your local agent. You may want that to happen…or not.
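
A key added on a remote host ends up in the local agent when the SSH login has agent forwarding enabled, because ssh-add sends the key to whatever socket SSH_AUTH_SOCK names. The wrapper below is an added example, not part of the original post, that checks which agent ssh-add would reach before adding anything. The function names and the ALLOW_FORWARDED_ADD variable are hypothetical, and the detection is a heuristic based on which environment variables sshd and ssh-agent set.

```shell
#!/bin/sh
# Added example: decide which agent ssh-add would talk to in this shell.
# Heuristic, based on what sets each variable:
#   SSH_CONNECTION - set by sshd for a session that arrived over SSH
#   SSH_AUTH_SOCK  - the socket ssh-add sends keys to
#   SSH_AGENT_PID  - exported by the output of `ssh-agent` when an agent is
#                    started on this host; sshd does not set it when it
#                    exposes a forwarded agent
agent_kind() {
    if [ -z "${SSH_AUTH_SOCK:-}" ]; then
        echo none
    elif [ -n "${SSH_CONNECTION:-}" ] && [ -z "${SSH_AGENT_PID:-}" ]; then
        echo forwarded
    else
        echo local
    fi
}

# Hypothetical wrapper: refuse to load a key into a forwarded agent unless
# the caller opts in with ALLOW_FORWARDED_ADD=1 (a name made up for this example).
guarded_ssh_add() {
    case "$(agent_kind)" in
        none)
            echo "no agent reachable: SSH_AUTH_SOCK is unset" >&2
            return 2 ;;
        forwarded)
            if [ "${ALLOW_FORWARDED_ADD:-0}" != 1 ]; then
                echo "refusing: $SSH_AUTH_SOCK looks like a forwarded agent" >&2
                echo "a key added here loads into the agent you connected from" >&2
                return 1
            fi ;;
    esac
    ssh-add "$@"
}
```

To see what a session has already loaded into the agent it can reach, `ssh-add -l` lists the keys, and `ssh-add -d` with the key file removes one again.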