Displaying 20 results from an estimated 52 matches for "identitieson".
2019 Oct 09
3
[Bug 3080] New: Document IdentityFile=none and clarify interaction of defaults with IdentitiesOnly
https://bugzilla.mindrot.org/show_bug.cgi?id=3080
Bug ID: 3080
Summary: Document IdentityFile=none and clarify interaction of
defaults with IdentitiesOnly
Product: Portable OpenSSH
Version: 8.0p1
Hardware: Other
OS: All
Status: NEW
Severity: normal
Priority: P5
Component: Documentation
Assignee: unassigned-bugs at mindrot.org
Reporter: opens...
2019 Apr 01
2
IdentityFile vs IdentitiesOnly
...ror message like
Received disconnect from 2001:db8::8077 port 999:2: Too many authentication failures
Authentication failed.
AFAIU the ssh-agent is to blame here, trying out all keys
he has ever seen. This conflicts with MaxAuthTries 6, set by
default on the peer.
The solution seems to be to set IdentitiesOnly, e.g.:
:
:
Host host.example.com 2001:db8::8077
IdentityFile ~/.ssh/id_ecdsa
IdentitiesOnly yes
Port 999
:
:
Shouldn't an explicit IdentityFile (as in the example) *imply*
IdentitiesOnly?
Every helpful comment is highly appreciated
Harri
2013 Apr 30
3
[Bug 2095] New: ssh client not respecting IdentitiesOnly=yes option
https://bugzilla.mindrot.org/show_bug.cgi?id=2095
Bug ID: 2095
Summary: ssh client not respecting IdentitiesOnly=yes option
Classification: Unclassified
Product: Portable OpenSSH
Version: 6.2p1
Hardware: All
OS: All
Status: NEW
Severity: trivial
Priority: P5
Component: ssh
Assignee: unassigned-bugs at mind...
2019 Apr 02
2
IdentityFile vs IdentitiesOnly
...0:41 AM, Darren Tucker wrote:
> On Mon, 1 Apr 2019 at 08:12, Harald Dunkel <harald.dunkel at aixigo.de> wrote:
>> I've got a moderate number of keys in my ssh config file.
>> Problem: Very often I get an error message like
> [...]
>> The solution seems to be to set IdentitiesOnly, e.g.:
> [...]
>> Shouldn't an explicit IdentityFile (as in the example) *imply*
>> IdentitiesOnly?
>
> Probably not. What version are you using? Is this key in the agent
> or do you need to supply a passphrase?
>
My client is 7.4 or newer, but the peers might...
2020 Apr 23
6
[Bug 3153] New: Prefer user specified keys to avoid the agent overloading MaxAuthTries before even trying the key that was specified
...report to Ubuntu [1] I was wondering that this issue
seems to exist for so long and affect so many people
[2][3][4][5][6][7][8].
It was also discussed within openssh in [9][10].
But in all of those cases all that was done was to suggest workarounds
like "PubkeyAuthentication=no" or "IdentitiesOnly=yes", but IMHO those
are all just exactly that - workarounds.
Also there are many "related but not entirely the same" upstream bugs
like [11][12], but it seems no one has yet discussed the approach we
had in mind.
If a usual user calls ssh like
ssh -i <mykey> ...
And gets...
2009 Jan 22
0
Unintended key info disclosure via ForwardAgent?
...ed]
User ssh-add's keys for all local and remote host groups.
~/.ssh/config:
Host locala*
ForwardAgent yes
IdentityFile ~/.ssh/id_dsa_locala
Host remotea*
IdentityFile ~/.ssh/id_dsa_remotea
Host remoteb*
IdentityFile ~/.ssh/id_dsa_remoteb
...
Host *
ForwardAgent no
IdentitiesOnly yes
local[g][n] - local hosts [generally trusted]
ssh[d]_config are the installed default, ~/.ssh/config doesn't exist.
Access is via ~/.ssh/authorized_keys only.
remote[g][n] - remote internet hosts [generally untrusted]
ssh[d]_config are the installed default, ~/.ssh/config doesn...
2013 Jan 29
16
[Bug 2066] New: ssh tries the keys proposed by the agent before those passed with -i
https://bugzilla.mindrot.org/show_bug.cgi?id=2066
Bug ID: 2066
Summary: ssh tries the keys proposed by the agent before those
passed with -i
Classification: Unclassified
Product: Portable OpenSSH
Version: 6.0p1
Hardware: All
OS: Linux
Status: NEW
Severity: normal
2004 May 12
3
Oddness with agent forwarding and -i
Hey everyone,
I hope this isn't an old issue; I wasn't able to
locate it in the archives.
I have a number of scripts which make use of ssh -i
and scp -i, where the target host has the specified
key in its authorized_keys file with a command=
override to do immediate processing of the received
data. This works extremely well, as we are able to
establish single-function, triggered-action
2014 Jan 09
1
OSX - SSH agent functionality differing based upon CLI arguments
...connection, and execute a remote git clone (via SSH), the Agent Forwarding works, and I am not prompted for credentials:
ssh vagrant at 127.0.0.1 -p 2222 \
-o Compression=yes \
-o StrictHostKeyChecking=no \
-o LogLevel=FATAL \
-o StrictHostKeyChecking=no \
-o UserKnownHostsFile=/dev/null \
-o IdentitiesOnly=yes \
-i /Users/bryanhunt/.vagrant.d/insecure_private_key \
-o ForwardAgent=yes \
"/bin/sh -c 'git clone git at bitbucket.org:bryan_picsolve/poc_docker.git /home/vagrant/poc_dockera' "
Cloning into '/home/vagrant/poc_dockera'...
In the second instance I express the arg...
2012 Jul 06
9
[Bug 2024] New: Allow to ssh client say to ssh-agent which key should be used.
https://bugzilla.mindrot.org/show_bug.cgi?id=2024
Priority: P5
Bug ID: 2024
Assignee: unassigned-bugs at mindrot.org
Summary: Allow to ssh client say to ssh-agent which key should
be used.
Severity: enhancement
Classification: Unclassified
OS: Linux
Reporter: pub at mnu.pp.ru
Hardware:
2004 Mar 30
0
[Bug 448] ssh ignores key specified with -i if agent is running
...--- Additional Comments From djm at mindrot.org 2004-03-30 16:12 -------
Fixed:
revision 1.124
date: 2004/03/08 12:12:36; author: djm; state: Exp; lines: +2 -2
- markus at cvs.openbsd.org 2004/03/05 10:53:58
[readconf.c readconf.h scp.1 sftp.1 ssh.1 ssh_config.5 sshconnect2.c]
add IdentitiesOnly; ok djm@, pb@
> IdentitiesOnly
> Specifies that ssh should only use the authentication identity
> files configured in the ssh_config files, even if the ssh-agent
> offers more identities. The argument to this keyword must be
> ``yes'' or ``no''. T...
2011 Aug 25
1
Add missing -o options in ssh(1) manual
...ntrolPath
+.It ControlPersist
.It DynamicForward
.It EscapeChar
.It ExitOnForwardFailure
.It ForwardAgent
.It ForwardX11
+.It ForwardX11Timeout
.It ForwardX11Trusted
.It GatewayPorts
.It GlobalKnownHostsFile
@@ -438,6 +440,7 @@ For full details of the options listed b
.It IdentityFile
.It IdentitiesOnly
.It IPQoS
+.It KbdInteractiveAuthentication
.It KbdInteractiveDevices
.It KexAlgorithms
.It LocalCommand
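Review bot: the context lines of the second hunk list ".It IdentityFile" ahead of ".It IdentitiesOnly", which is out of alphabetical order, while the added "+.It KbdInteractiveAuthentication" is correctly sorted ahead of ".It KbdInteractiveDevices". Since this patch is already touching the list to make it complete, swap those two context entries in the same change so the whole list sorts consistently and a missing option is easier to spot next time.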
2014 Mar 20
1
[Bug 2214] New: Key is detected as existing if LogLevel=QUIET
...e of the cases is when configuration
file contains a LogLevel=QUIET option.
Let's assume that ~/.ssh/config contains:
> Host 127.*
> LogLevel QUIET
And we have no valid key for localhost. Attempting to connect doesn't
give any errors:
> $ ssh -o PreferredAuthentications=publickey -o IdentitiesOnly=yes user at 127.0.0.1
> $ ssh -o LogLevel=INFO -o PreferredAuthentications=publickey -o IdentitiesOnly=yes user at 127.0.0.1
> Permission denied (publickey,password).
The fix is to add LogLevel=INFO to the ssh command, which is a sane
default since ssh-copy-id actually depends on ssh to ha...
2014 Apr 04
3
[Bug 2221] New: Explicit identity files are being used after implicit files are attempted
https://bugzilla.mindrot.org/show_bug.cgi?id=2221
Bug ID: 2221
Summary: Explicit identity files are being used after implicit
files are attempted
Product: Portable OpenSSH
Version: 6.2p1
Hardware: Other
OS: Linux
Status: NEW
Severity: minor
Priority: P5
Component:
2017 Jun 21
1
encoding/locale problem with ssh -X
...----
My setup:
- locally:
Linux (Debian GNU/Linux 9)
- remotely
Linux (RHEL Server release 7.3 (Maipo)
(Maybe) relevant bits of my .ssh/config:
,----
| Host theserver
| HostName XXX.XXX.XXX.XXX
| ForwardX11 yes
| ForwardX11Timeout 596h
| IdentityFile ~/.ssh/id_rsa
| IdentitiesOnly yes
| ForwardAgent yes
| ServerAliveInterval 300
`----
Thanks in advance for your help!
Best,
Andreas
2023 Nov 12
1
Match Principal enhancement
...d key has previously been provided with appropriate principals (and maybe source-addresses etc). They would be configured to use something like the following in their ssh config file
Host sshgw.example.com
User sshfwd
ProxyJump none
Host *.example.com
IdentitiesOnly yes
IdentityFile batcha
User batcha
ProxyJump batcha
I can also see other potential uses for it on target computers where I only allow connections using keys signed by a trusted CA.
Regards,
Bret
2010 Nov 08
3
[Bug 1834] New: OpenSSH ignores keys in ~/.ssh/config and offers keys from Seahorse instead
https://bugzilla.mindrot.org/show_bug.cgi?id=1834
Summary: OpenSSH ignores keys in ~/.ssh/config and offers keys
from Seahorse instead
Product: Portable OpenSSH
Version: 5.6p1
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: ssh
AssignedTo:
2016 Mar 11
2
Forward only specific identities
...ormation but I can't seem to find a way to only forward specific
identities to some hosts. What I would really like to have is a way to
only forward the identity that gave me a successful auth:
% ls ~/.ssh | grep .pub
id_ecdsa.pub
id_ed25519.pub
id_rsa.pub
% cat .ssh/config
Host example.com:
IdentitiesOnly=yes
IdentityFile=/home/tspriggs/.ssh/id_rsa.pub
Host another-example.com:
IdentitiesOnly=yes
IdentityFile=/home/tspriggs/.ssh/id_ecdsa.pub
# This would be super cool:
Host *
OnlyForwardAuthedKey=yes
% ssh tspriggs at example.com
example.com % ssh-agent -L
ssh-rsa ...
example.com % ssh...
2023 Nov 12
1
Match Principal enhancement
...with appropriate principals (and maybe source-addresses etc). They would be configured to use something like the following in their ssh config file
>
> Host sshgw.example.com
> User sshfwd
> ProxyJump none
>
> Host *.example.com
> IdentitiesOnly yes
> IdentityFile batcha
> User batcha
> ProxyJump batcha
>
> I can also see other potential uses for it on target computers where I only allow connections using keys signed by a trusted CA.
>
> Regards,
>
> Bret
>
> ______________________________...
2018 Jan 02
3
Restricting port forwarding on remote server
> From: Juanito <juam at posteo.net>
>
> If I create a tunnel like this from the client side,
>
> ssh -nNTv -o ServerAliveInterval=60 -o ServerAliveCountMax=3 -o
IdentitiesOnly=yes -o UserKnownHostsFile=$known_hosts_file -i
/etc/sshquare/id_rsa -R $port:localhost:22 $user@$host
>
> would it be possible on the server side to restrict $port to say 10000
> and deny it on all other ports. In a way that $user is only allowed to
> forward a local port and bind...