I would like to ensure that I connect with mysever only using a
specific agent and never an IdentityFile. (It turns out that I had
accidentally been authenticating using one of the implicit
IdentifyFile locations in .ssh)
I want my imaginary ssh configuration to be the equivalent of
host myserver
IdentityAgent /tmp/agentformyserver
IdentityFile never
I have tried setting an explicit "IdentityFile /dev/null" and
"IdentityFile /tmp/id_rsa_IGNORED". Ssh then ignores the
IdentityAgent and fails because the IdentityFile is empty or
rightfully not recognized by myserver.
Is there another way to do this?
M
M Rubon:> I would like to ensure that I connect with mysever only using a > specific agent and never an IdentityFile. (It turns out that I had > accidentally been authenticating using one of the implicit > IdentifyFile locations in .ssh) > > I want my imaginary ssh configuration to be the equivalent of > host myserver > IdentityAgent /tmp/agentformyserver > IdentityFile never > > I have tried setting an explicit "IdentityFile /dev/null" and > "IdentityFile /tmp/id_rsa_IGNORED". Ssh then ignores the > IdentityAgent and fails because the IdentityFile is empty or > rightfully not recognized by myserver.Works for me. lorvorc$ env | fgrep SSH SSH_AUTH_SOCK=/tmp/ssh-Q9qqL3TskHmZ/agent.1504 SSH_AGENT_PID=1505 lorvorc$ unset SSH_AUTH_SOCK lorvorc$ ssh -oIdentityFile=/dev/null -oIdentityAgent=/tmp/ssh-Q9qqL3TskHmZ/agent.1504 partoc partoc$ -- Christian "naddy" Weisgerber naddy at mips.inka.de
On Fri, 3 Jun 2022, M Rubon wrote:> I would like to ensure that I connect with mysever only using a > specific agent and never an IdentityFile. (It turns out that I had > accidentally been authenticating using one of the implicit > IdentifyFile locations in .ssh) > > I want my imaginary ssh configuration to be the equivalent of > host myserver > IdentityAgent /tmp/agentformyserver > IdentityFile never > > I have tried setting an explicit "IdentityFile /dev/null" and > "IdentityFile /tmp/id_rsa_IGNORED". Ssh then ignores the > IdentityAgent and fails because the IdentityFile is empty or > rightfully not recognized by myserver. > > Is there another way to do this?IdentityFile=none should work