I cannot for the life of me figure out why my SSH config is forwarding the wrong key. I have two keys, we'll call them home_rsa and work_rsa. I have done the following:
eval `ssh-agent`
ssh-add -K ~/.ssh/home_rsa
ssh-add -K ~/.ssh/work_rsa
Here is my ~/.ssh/config file:

Host home
    ForwardAgent yes
    HostName home.com
    IdentityFile ~/.ssh/home_rsa
    IdentitiesOnly yes
    User home

Host work
    ForwardAgent yes
    HostName work.com
    IdentitiesOnly yes
    IdentityFile ~/.ssh/work_rsa
    User work

Host bitbucket
    IdentityFile ~/.ssh/home_rsa

Host bitbucket-work
    IdentityFile ~/.ssh/work_rsa

Host bitbucket*
    HostName bitbucket.com
    User git

When I run the following…
ssh work
ssh [email protected]
…Bitbucket reports that I'm using my home user, though I'm clearly logged into my work server and should be forwarding my work key. If I add my SSH identities in the reverse order and run the same code above, Bitbucket reports I'm using my work user. Running ssh-add -l from my work server, I see that both SSH keys are being forwarded, but isn't that the job of IdentitiesOnly yes?
Really confused as to what's going on here.
Agent forwarding comes with a risk. When you forward ssh-agent's Unix domain socket to a remote host, it creates a security risk: anyone with root access on the remote host can discreetly access your local SSH agent through the socket. They can use your keys to impersonate you on other machines on the network.
Commonly used when keys are not stored in the default location for whatever reason. IdentitiesOnly - Often used with IdentityFile, this option tells the ssh client exactly which key to present and to forgo any keys in ~/.ssh or the ssh-agent.
From the configuration, go to Connection > SSH > Auth and enable “Allow agent forwarding.” You can also add your private key file from the same pane. PuTTY will handle the SSH agent for you, so you don't have to mess around with any config files.
Really confused as to what's going on here.
ForwardAgent option forwards the connection to your agent, with all the keys inside, and does not forward your local ~/.ssh/config to the remote host. What you do on the work host is controlled by your configuration on that host.
What are you trying to do with that?
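One way to act on the point made in the answer above, added here as an example and not part of the original question or answers: pin the key on the work server itself, and forward an agent that holds only the work key. It assumes work_rsa.pub has been copied to the work server, that Bitbucket is reached as bitbucket.org, and that a second local agent containing only work_rsa exposes its socket through the hypothetical environment variable WORK_AGENT_SOCK.

```sshconfig
# ---- On the work server: ~/.ssh/config (constructed example) ----
# Assumption: only the PUBLIC key ~/.ssh/work_rsa.pub exists on this host.
# The private key stays on the local machine; signing happens through the
# forwarded agent.
Host bitbucket.org
    User git
    # IdentityFile may name a public key file; ssh then asks the agent
    # for the matching private key.
    IdentityFile ~/.ssh/work_rsa.pub
    # Offer only that key, regardless of the order in which the agent
    # lists its keys.
    IdentitiesOnly yes

# ---- On the local machine: ~/.ssh/config (constructed example) ----
# Assumption: a second ssh-agent holding only work_rsa is running and its
# socket path is stored in the hypothetical variable WORK_AGENT_SOCK.
Host work
    HostName work.com
    User work
    IdentityFile ~/.ssh/work_rsa
    IdentitiesOnly yes
    # OpenSSH 8.2 and later accept a socket path or $VARIABLE here instead
    # of "yes", so only this agent (and only work_rsa) is reachable from
    # the work server. home_rsa is never exposed to root on that host.
    ForwardAgent $WORK_AGENT_SOCK
```

With the first block alone, ssh-add -l on the work server still lists both keys, because IdentitiesOnly limits what the client offers, not what the forwarded agent contains; the second block is what removes home_rsa from the forwarded agent.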
You need to update your ssh keys with their equivalent bitbucket account first at their website (work user with work_rsa, user with user_rsa). Then maybe this could help.

Host bitbucket-work
    HostName bitbucket.org
    IdentitiesOnly yes
    IdentityFile ~/.ssh/work_rsa
    User work

Usage:
ssh bitbucket-work