openssh bugs - Mar 2015 - [Bug 2362] New: Please add a possibility to disable IdentityFiles

https://bugzilla.mindrot.org/show_bug.cgi?id=2362

            Bug ID: 2362
           Summary: Please add a possibility to disable IdentityFiles
           Product: Portable OpenSSH
           Version: 6.7p1
          Hardware: amd64
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: ssh
          Assignee: unassigned-bugs at mindrot.org
          Reporter: guilhem at fripost.org

For various reasons [0] one might not want to give ssh(1) access to the
private key material, and force the use of the agent instead.  However,
while it's currently possible to ignore the identities offered by the
agent, AFIK it's not possible to ignore identity files.

A way around is to specify a file that does not exist (e.g.,
?IdentityFile none?), but such behavior is not specified in
ssh_config(5), and is also error-prone.  I suggest to make ?none? a
special argument for ?IdentityFile?, and make it empty the list of
identity files; if ?~/.ssh/none? is actualy a genuine identity file, it
would be still be possible to specify it using its absolute path.


[0] https://www.debian-administration.org/users/dkg/weblog/64

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2362

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |WORKSFORME
                 CC|                            |djm at mindrot.org

--- Comment #1 from Damien Miller <djm at mindrot.org> ---
IdentityFile=none has already supported this since OpenSSH-6.2

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2362

--- Comment #2 from Guilhem <guilhem at fripost.org> ---
Good to know, but that behavior is not documented AFAICT:
https://man.openbsd.org/ssh_config.5

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2362

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #3 from Damien Miller <djm at mindrot.org> ---
closing resolved bugs as of 8.6p1 release

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.