bugzilla-daemon at mindrot.org
2014-Apr-04 20:14 UTC
[Bug 2221] New: Explicit identity files are being used after implicit files are attempted
https://bugzilla.mindrot.org/show_bug.cgi?id=2221
Bug ID: 2221
Summary: Explicit identity files are being used after implicit
files are attempted
Product: Portable OpenSSH
Version: 6.2p1
Hardware: Other
OS: Linux
Status: NEW
Severity: minor
Priority: P5
Component: ssh
Assignee: unassigned-bugs at mindrot.org
Reporter: mhall119 at gmail.com
When explicitly setting an identity, either via the -i commandline
parameter or IdentityFile in the ssh config, these files are used only
after any other identity files found in ~/.ssh/ have failed pubkey
authentication.
When the remote host limits the number of pubkey authentication
failures before disconnecting, this can lead to a situation where the
explicit identity file is not even used when connecting to that host.
--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2014-Apr-04 20:14 UTC
[Bug 2221] Explicit identity files are being used after implicit files are attempted
https://bugzilla.mindrot.org/show_bug.cgi?id=2221
Michael Hall <mhall119 at gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Hardware|Other |ix86
--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2014-Apr-04 22:10 UTC
[Bug 2221] Explicit identity files are being used after implicit files are attempted
https://bugzilla.mindrot.org/show_bug.cgi?id=2221
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
CC| |djm at mindrot.org
Resolution|--- |INVALID
--- Comment #1 from Damien Miller <djm at mindrot.org> ---
You need IdentitiesOnly=yes; from ssh_config(1):
IdentitiesOnly
Specifies that ssh(1) should only use the authentication identity
files configured in the ssh_config files, even if ssh-agent(1) or
a PKCS11Provider offers more identities. The argument to this
keyword must be ?yes? or ?no?. This option is intended for situ?
ations where ssh-agent offers many different identities. The
default is ?no?.
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at mindrot.org
2015-Aug-11 13:04 UTC
[Bug 2221] Explicit identity files are being used after implicit files are attempted
https://bugzilla.mindrot.org/show_bug.cgi?id=2221
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |CLOSED
--- Comment #2 from Damien Miller <djm at mindrot.org> ---
Set all RESOLVED bugs to CLOSED with release of OpenSSH 7.1
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
Possibly Parallel Threads
- [Bug 2095] New: ssh client not respecting IdentitiesOnly=yes option
- Specification of identity for ssh client to use
- certificates keys on pkcs11 devices
- [Bug 3153] New: Prefer user specified keys to avoid the agent overloading MaxAuthTries before even trying the key that was specified
- [Bug 2024] New: Allow to ssh client say to ssh-agent which key should be used.