bugzilla-daemon at bugzilla.mindrot.org
2019-Oct-09 08:54 UTC
[Bug 3080] New: Document IdentityFile=none and clarify interaction of defaults with IdentitiesOnly
https://bugzilla.mindrot.org/show_bug.cgi?id=3080 Bug ID: 3080 Summary: Document IdentityFile=none and clarify interaction of defaults with IdentitiesOnly Product: Portable OpenSSH Version: 8.0p1 Hardware: Other OS: All Status: NEW Severity: normal Priority: P5 Component: Documentation Assignee: unassigned-bugs at mindrot.org Reporter: openssh at nuclearsunshine.com Currently the documentation for IdentitiesOnly states: "Specifies that ssh(1) should only use the authentication identity and certificate files explicitly configured in the ssh_config files or passed on the ssh(1) command-line..." This is inaccurate, as with no IdentityFile configuration in /etc/ssh/ssh_config or ~/.ssh/config, the *default* IdentityFile value (documented but not *explicitly configured* is used when IdentitiesOnly is set. This is compounded by the fact that the mechanism for setting IdentityFile to empty (using the special "none" string) is not documented (see https://bugzilla.mindrot.org/show_bug.cgi?id=2362). I suggest the following fixes: * Update the IdentityFile documentation to mention the "none" string. * Change the IdentitiesOnly documentation to say that it will use the *default* IdentityFile configuration if that parameter is not explicitly configured (and draw specific attention to this, as it's unlikely to be what the user wants if they specify IdentitiesOnly - I suggest recommending the above IdentityFile setting). -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2020-Jul-10 04:17 UTC
[Bug 3080] Document IdentityFile=none and clarify interaction of defaults with IdentitiesOnly
https://bugzilla.mindrot.org/show_bug.cgi?id=3080 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |FIXED Status|NEW |RESOLVED CC| |djm at mindrot.org --- Comment #1 from Damien Miller <djm at mindrot.org> --- This was fixed last September in commit 7047d5afe3 and should be in OpenSSH 8.2 -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2020-Jul-11 08:11 UTC
[Bug 3080] Document IdentityFile=none and clarify interaction of defaults with IdentitiesOnly
https://bugzilla.mindrot.org/show_bug.cgi?id=3080 osnuc <openssh at nuclearsunshine.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|FIXED |--- Status|RESOLVED |REOPENED --- Comment #2 from osnuc <openssh at nuclearsunshine.com> --- Hi, thanks for the update on this. As far as I can see, the special "none" string for IdentityFile still remains undocumented. So as a minimum, can you please make the following change: * in the IdentityFile section, mention the special "none" value. Additionally, a common use case for IdentitiesOnly is to set it to yes globally, and then set IdentityFile for each host, with the intention of *only* trying the explicitly configured key. However, this will not have the desired effect, since OpenSSH will still try (falling back on?) keys with standard names. For this reason, it would be helpful to add the following: * in the IdentitiesOnly section, mention also needing to set IdentityFile to none if the user does not want to fall back on SSH keys with standard names. -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2023-Oct-11 06:42 UTC
[Bug 3080] Document IdentityFile=none and clarify interaction of defaults with IdentitiesOnly
https://bugzilla.mindrot.org/show_bug.cgi?id=3080 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |FIXED Status|REOPENED |RESOLVED --- Comment #3 from Damien Miller <djm at mindrot.org> --- https://github.com/openssh/openssh-portable/commit/fc77c8e352c0f44125425c05265e3a00c183d78a mentions IdentityFile=none -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.