Hi, I believe it would make more sense if, when specifying a key with -i, that key (or keys) should be tried prior to the keys in the agent. Otherwise, if I have many keys in my agent, the server will kick me out. I can see no situation where one would like to use agent keys instead of the ones explicitly stated. Do you agree? The workaround is of course to set the IdentitiesOnly option. Best regards (off list, please include me in reply) -- Max Thoursie
On Tue, 21 Jan 2014, Max Thoursie wrote:> Hi, > > I believe it would make more sense if, > when specifying a key with -i, that key (or keys) should be tried prior to > the keys in the agent. > > Otherwise, if I have many keys in my agent, the server will kick me out. I > can see no situation where one would like to use agent keys instead of the > ones explicitly stated. > > Do you agree?Yes, and that is what the code is supposed to do already. See sshconnect2.c:pubkey_prepare() -d
Apparently Analagous Threads
- [Bug 2642] New: [sshconnect2] publickey authentication only properly works if used first: pubkey_prepare doesn't work after pubkey_cleanup
- [Bug 684] ssh cannot access keys stored in agent
- [PATCH] ssh: Add option to present certificates on command line
- [Bug 2095] New: ssh client not respecting IdentitiesOnly=yes option
- [patch] Automatically add keys to agent