Dev sftp ssh agent cig

src/build/config/config.yaml

@@ -2424,6 +2424,14 @@ option:
     command: repo-type
     depend: repo-sftp-host
 
+  repo-sftp-identity-agent:
+    section: global
+    group: repo
+    type: string
+    required: false
+    command: repo-type
+    depend: repo-sftp-host
+
   repo-sftp-known-host:
     section: global
     group: repo
@@ -2439,7 +2447,8 @@ option:
   repo-sftp-private-key-file:
     section: global
     group: repo
-    type: string
+    type: list
+    required: false
     command: repo-type
     depend: repo-sftp-host
 
@@ -2460,6 +2469,14 @@ option:
     command: repo-type
     depend: repo-sftp-host
 
+  repo-sftp-use-ssh-agent:
+    section: global
+    group: repo
+    type: boolean
+    default: true
+    command: repo-type
+    depend: repo-sftp-host
+
   repo-storage-verify-tls:
     section: global
     group: repo

src/build/help/help.xml

@@ -1126,6 +1126,15 @@
                         <example>pg-backup</example>
                     </config-key>
 
+                    <config-key id="repo-sftp-identity-agent" name="SFTP Identity Agent">
+                        <summary>SFTP identity agent.</summary>
+
+                        <text> <p>Specifies the UNIX-domain socket used to communicate with the authentication agent. This option overrides the SSH_AUTH_SOCK environment variable and can be used to select a specific agent. Arguments to <setting>repo-sftp-identity-agent</setting> may use tilde syntax to refer to a user's home directory. This option is not valid for versions of libssh2 prior to 1.9</p>
+                        </text>
+
+                        <example>/var/lib/postgresql/.ssh/pgbackrest_ssh_identity_agent_socket</example>
+                    </config-key>
+
                     <config-key id="repo-sftp-known-host" name="SFTP Known Hosts File">
                         <summary>SFTP known hosts file.</summary>
 
@@ -1140,7 +1149,9 @@
                         <summary>SFTP private key file.</summary>
 
                         <text>
-                            <p>SFTP private key file used for authentication.</p>
+                            <p>SFTP private key file used for authentication. The <setting>{[dash]}-repo-sftp-private-key-file</setting> option can be passed multiple times to specify more than one private key file.</p>
+                            <p><b>NOTE</b>: If <setting>{[dash]}-repo-sftp-public-key-file</setting> is not specified, the public key path will be generated by appending <quote>.pub</quote> to the private key path and paired with it's private key for authentication. If it is specified, then it will be paired with each private key to attempt authentication.</p>
+                            <p><b>NOTE</b>: libssh2 versions before 1.9.0 expect a PEM format keypair, ssh-keygen -m PEM -t rsa -P <quote></quote> will generate a PEM keypair without a passphrase.</p>
                         </text>
 
                         <example>~/.ssh/id_ed25519</example>
@@ -1150,7 +1161,7 @@
                         <summary>SFTP private key passphrase.</summary>
 
                         <text>
-                            <p>Passphrase used to access the private key. This is an optional feature when creating an SSH public/private key pair.</p>
+                            <p>Passphrase used to access the private key. This is an optional feature when creating an SSH public/private key pair. If specified, it will be used with each key.</p>
                         </text>
 
                         <example>BeSureToGenerateAndUseASecurePassphrase</example>
@@ -1160,12 +1171,24 @@
                         <summary>SFTP public key file.</summary>
 
                         <text>
-                            <p>SFTP public key file used for authentication. Optional if compiled against OpenSSL, required if compiled against a different library.</p>
+                            <p>SFTP public key file used for authentication. Optional if compiled against OpenSSL, required if compiled against a different library. If a public key file is specified, it will be paired with each private key file during authentication.</p>
+                            <p><b>NOTE</b>: libssh2 versions before 1.9.0 expect a PEM format keypair, ssh-keygen -m PEM -t rsa -P <quote></quote> will generate a PEM keypair without a passphrase.</p>
                         </text>
 
                         <example>~/.ssh/id_ed25519.pub</example>
                     </config-key>
 
+                    <config-key id="repo-sftp-use-ssh-agent" name="SFTP Use SSH Agent">
+                        <summary>SFTP use ssh agent.</summary>
+
+                        <text>
+                            <p>When enabled, if not already authenticated via a private key file, an attempt will be made to authenticate via ssh-agent. The default agent is read from the SSH_AUTH_SOCK environment variable. The default agent may be overridden by using the <setting>repo-sftp-identity-agent</setting> setting if compiled against libssh2 version 1.9 or greater.</p>
+                        </text>
+
+                        <default>y</default>
+                        <example>n</example>
+                    </config-key>
+
                     <config-key id="repo-storage-ca-file" name="Repository Storage CA File">
                         <summary>Repository storage CA file.</summary>
 

src/config/config.auto.h

@@ -136,7 +136,7 @@ Option constants
 #define CFGOPT_TYPE                                                 "type"
 #define CFGOPT_VERBOSE                                              "verbose"
 
-#define CFG_OPTION_TOTAL                                            179
+#define CFG_OPTION_TOTAL                                            181
 
 /***********************************************************************************************************************************
 Option value constants
@@ -524,10 +524,12 @@ typedef enum
     cfgOptRepoSftpHostKeyHashType,
     cfgOptRepoSftpHostPort,
     cfgOptRepoSftpHostUser,
+    cfgOptRepoSftpIdentityAgent,
     cfgOptRepoSftpKnownHost,
     cfgOptRepoSftpPrivateKeyFile,
     cfgOptRepoSftpPrivateKeyPassphrase,
     cfgOptRepoSftpPublicKeyFile,
+    cfgOptRepoSftpUseSshAgent,
     cfgOptRepoStorageCaFile,
     cfgOptRepoStorageCaPath,
     cfgOptRepoStorageHost,