bugzilla-daemon at mindrot.org
2012-Jul-06 08:57 UTC
[Bug 2024] New: Allow to ssh client say to ssh-agent which key should be used.
https://bugzilla.mindrot.org/show_bug.cgi?id=2024

Priority: P5
Bug ID: 2024
Assignee: unassigned-bugs at mindrot.org
Summary: Allow to ssh client say to ssh-agent which key should be used.
Severity: enhancement
Classification: Unclassified
OS: Linux
Reporter: pub at mnu.pp.ru
Hardware: Other
Status: NEW
Version: 6.0p1
Component: ssh-agent
Product: Portable OpenSSH

There is no way to tell ssh-agent which one of the keys should be used. That's why it tries to use all of them in order, and if you have more than 5 keys, you will receive "Too many authentication failures for". It's bad and I have no idea how to work around this problem without modification of source code.

--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2012-Jul-06 09:27 UTC
[Bug 2024] Allow to ssh client say to ssh-agent which key should be used.
https://bugzilla.mindrot.org/show_bug.cgi?id=2024

Darren Tucker <dtucker at zip.com.au> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dtucker at zip.com.au

--- Comment #1 from Darren Tucker <dtucker at zip.com.au> ---
Didn't IdentitiesOnly do what you want? That plus IdentityFile should cause the client to only try the key specified by IdentityFile.

     IdentitiesOnly
             Specifies that ssh(1) should only use the authentication
             identity files configured in the ssh_config files, even if
             ssh-agent(1) offers more identities. The argument to this
             keyword must be "yes" or "no". This option is intended for
             situations where ssh-agent offers many different identities.
             The default is "no".

     IdentityFile
             Specifies a file from which the user's RSA or DSA
             authentication identity is read. The default is
             ~/.ssh/identity for protocol version 1, and ~/.ssh/id_rsa and
             ~/.ssh/id_dsa for protocol version 2. Additionally, any
             identities represented by the authentication agent will be
             used for authentication.
bugzilla-daemon at mindrot.org
2012-Jul-06 09:47 UTC
[Bug 2024] Allow to ssh client say to ssh-agent which key should be used.
https://bugzilla.mindrot.org/show_bug.cgi?id=2024

--- Comment #2 from Anton Chevychalov <pub at mnu.pp.ru> ---
As far as I understand, the parameters "-i" and "IdentityFile" can be used only for authentication without ssh-agent. It means that when you say -i ~/.ssh/id_rsa it will try to find this on the file system, not in ssh-agent.

I want to have something like -i but for the case when my keys are not on the file system but in ssh-agent.
bugzilla-daemon at mindrot.org
2012-Jul-06 10:00 UTC
[Bug 2024] Allow to ssh client say to ssh-agent which key should be used.
https://bugzilla.mindrot.org/show_bug.cgi?id=2024

--- Comment #3 from Darren Tucker <dtucker at zip.com.au> ---
-i or IdentityFile will use a key from the agent if it has one with a matching fingerprint. IdentitiesOnly will use only the identities specified by IdentityFile, and if the agent has it that's what will get used.

The man page doesn't really mention this, so maybe we should add something.
bugzilla-daemon at mindrot.org
2012-Jul-06 10:32 UTC
[Bug 2024] Allow to ssh client say to ssh-agent which key should be used.
https://bugzilla.mindrot.org/show_bug.cgi?id=2024

--- Comment #4 from Anton Chevychalov <pub at mnu.pp.ru> ---
Oh. It's really nice! It means that everything I need is ssh-agent with previously imported keys and pub keys as a source of fingerprints.

I think it should be mentioned in the man pages just because a lot of people think it can't work.

But why is there no search by key name? I mean that a name is more simple than a fingerprint and you can store this parameter in ssh_config.
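The setup comments #3 and #4 describe, sketched as an added example that is not part of the bug thread or of OpenSSH: export the public half of one agent-held key, chosen by its comment, and point IdentityFile at that file with IdentitiesOnly set. The function names, host alias, file path and sample key lines are assumptions constructed for illustration; that a public key file alone is enough for the client to match the agent's key is taken from comment #4.

```shell
#!/bin/sh
# Added example; function names, host alias and paths are hypothetical.

# Constructed stand-in for `ssh-add -L` output (type, base64 blob, comment).
# The blobs are placeholders, not real keys.
SAMPLE_AGENT_KEYS='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABCONSTRUCTED1 personal laptop
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABCONSTRUCTED2 work-deploy'

# select_agent_key COMMENT
# Reads public-key lines on stdin and prints the one whose comment is exactly
# COMMENT. Returns non-zero when no key or more than one key matches, so a
# typo or a duplicate comment never silently selects the wrong identity.
select_agent_key() {
    awk -v want="$1" '
        {
            comment = $0
            sub(/^[^ ]+ +[^ ]+ */, "", comment)   # drop key type and blob
            if (comment == want) { hits++; line = $0 }
        }
        END {
            if (hits != 1) exit 1
            print line
        }'
}

# emit_host_stanza ALIAS HOSTNAME PUBFILE
# Prints an ssh_config block that offers only the key named by PUBFILE.
emit_host_stanza() {
    printf 'Host %s\n' "$1"
    printf '    HostName %s\n' "$2"
    printf '    IdentityFile %s\n' "$3"
    printf '    IdentitiesOnly yes\n'
}

# Against a live agent the two steps would be:
#   ssh-add -L | select_agent_key work-deploy > ~/.ssh/work-deploy.pub
#   emit_host_stanza deploy deploy.example.org ~/.ssh/work-deploy.pub >> ~/.ssh/config
# Offline demonstration on the constructed sample:
printf '%s\n' "$SAMPLE_AGENT_KEYS" | select_agent_key work-deploy
emit_host_stanza deploy deploy.example.org '~/.ssh/work-deploy.pub'
```

With this stanza the client offers a single key to the server, so the number of other identities held by the agent no longer counts against the server's authentication attempt limit.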
bugzilla-daemon at mindrot.org
2012-Sep-07 01:29 UTC
[Bug 2024] Allow to ssh client say to ssh-agent which key should be used.
https://bugzilla.mindrot.org/show_bug.cgi?id=2024

--- Comment #5 from Damien Miller <djm at mindrot.org> ---
Created attachment 2186
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2186&action=edit
Document interaction of IdentitiesOnly, IdentityFile and ssh-agent more explicitly
bugzilla-daemon at mindrot.org
2013-Jun-05 01:00 UTC
[Bug 2024] Allow to ssh client say to ssh-agent which key should be used.
https://bugzilla.mindrot.org/show_bug.cgi?id=2024

Darren Tucker <dtucker at zip.com.au> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #2186|                            |ok+
              Flags|                            |
bugzilla-daemon at mindrot.org
2013-Jun-05 01:01 UTC
[Bug 2024] Allow to ssh client say to ssh-agent which key should be used.
https://bugzilla.mindrot.org/show_bug.cgi?id=2024

Darren Tucker <dtucker at zip.com.au> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|                            |2076
bugzilla-daemon at mindrot.org
2013-Jun-21 00:38 UTC
[Bug 2024] Allow to ssh client say to ssh-agent which key should be used.
https://bugzilla.mindrot.org/show_bug.cgi?id=2024

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |djm at mindrot.org
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED

--- Comment #6 from Damien Miller <djm at mindrot.org> ---
patch applied - this will be in openssh-6.3
bugzilla-daemon at bugzilla.mindrot.org
2016-Aug-02 00:42 UTC
[Bug 2024] Allow to ssh client say to ssh-agent which key should be used.
https://bugzilla.mindrot.org/show_bug.cgi?id=2024

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #7 from Damien Miller <djm at mindrot.org> ---
Close all resolved bugs after 7.3p1 release