similar to: [Bug 410] when -i or IdentityFile is specified, agent keys are still tried first

http://bugzilla.mindrot.org/show_bug.cgi?id=410 Summary: when -i or IdentityFile is specified, agent keys are still tried first Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: minor Priority: P2 Component: ssh-agent AssignedTo:

I've noticed that the ssh-agent applies any keys it already has passwords for (via ssh-add) first, overriding the ssh config files for preferred identity file from .ssh/config and -i. This seems a documented behavior. However, this causes problems with some tool chains that use the authorized_keys command directive to change behavior based on which key is used. In my case, I use gitolite for

https://bugzilla.mindrot.org/show_bug.cgi?id=2066 Bug ID: 2066 Summary: ssh tries the keys proposed by the agent before those passed with -i Classification: Unclassified Product: Portable OpenSSH Version: 6.0p1 Hardware: All OS: Linux Status: NEW Severity: normal

editors note: just now found something about IdentitiesOnly that might do the trick. there's some other stuff in here too. about preventing info leakage [keys for other sites] from appearing in the client<-->server key negotiation with ssh-agent and IdentityFile. ssh/config:IdentityFile - seems to indicate that only the specified key will be tried, and if that key fails, no other keys

On 2024/01/02 09:51, Chris Green wrote: > I think I have it! I need to unset SSH_AUTH_SOCK, that's all that's > needed. See:- > > chris$ ssh -i backup_id_rsa backup > [here the pop-up appears and I cancel it] > sign_and_send_pubkey: signing failed for RSA "backup_id_rsa" from > agent: agent refused operation > chris at backup's

http://bugzilla.mindrot.org/show_bug.cgi?id=448 markus at openbsd.org changed: What |Removed |Added ---------------------------------------------------------------------------- Severity|trivial |enhancement ------- Additional Comments From markus at openbsd.org 2002-11-28 21:37 ------- having -i automagically turning off the

Does agent forwarding work with DSA keys? I'm using 2.2.0p1 on RedHat Linux 6.2 (Alpha) and Solaris 2.6 (SPARC). If I ssh-add my RSA key into the local agent and ssh to another machine, the agent connection is forwarded properly. (I can say "ssh-add -l" and see my keys.) If I ssh-add my DSA key into the local agent and "ssh -2" to another machine, the agent connection

https://bugzilla.mindrot.org/show_bug.cgi?id=3186 Bug ID: 3186 Summary: ProxyJump should include IdentityFile when specified Product: Portable OpenSSH Version: 8.3p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: ssh Assignee:

https://bugzilla.mindrot.org/show_bug.cgi?id=1974 Zev Weiss <zev at bewilderbeest.net> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |zev at bewilderbeest.net Attachment #2125|0 |1 is obsolete|

http://bugzilla.mindrot.org/show_bug.cgi?id=684 Summary: ssh cannot access keys stored in agent Product: Portable OpenSSH Version: 3.7.1p1 Platform: UltraSparc OS/Version: Solaris Status: NEW Severity: major Priority: P2 Component: ssh AssignedTo: openssh-bugs at mindrot.org ReportedBy:

https://bugzilla.mindrot.org/show_bug.cgi?id=3080 Bug ID: 3080 Summary: Document IdentityFile=none and clarify interaction of defaults with IdentitiesOnly Product: Portable OpenSSH Version: 8.0p1 Hardware: Other OS: All Status: NEW Severity: normal Priority: P5

> > There must be *something* in the environment that affects this because > I'm seeing two different ways of asking for the passphrase on the same > screen. The only difference is that one is a simple terminal window > running on my system and the other is one where I have used ssh to > connect to a remote system and then ssh again back to the 'home' > system.

https://bugzilla.mindrot.org/show_bug.cgi?id=3570 Bug ID: 3570 Summary: Add substitution token for explicitly selected IdentityFile for ControlPath selection Product: Portable OpenSSH Version: 9.3p1 Hardware: All OS: Linux Status: NEW Severity: enhancement Priority: P5

http://bugzilla.mindrot.org/show_bug.cgi?id=93 ------- Additional Comments From jprondak at visualmedia.com 2002-02-02 08:45 ------- Created an attachment (id=16) ssh-add.c patch to search ssh_config for IdentityFile(s) ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=448 Summary: ssh ignores key specified with -i if agent is running Product: Portable OpenSSH Version: older versions Platform: All OS/Version: Linux Status: NEW Severity: trivial Priority: P2 Component: ssh AssignedTo: openssh-unix-dev at mindrot.org

http://bugzilla.mindrot.org/show_bug.cgi?id=500 ------- Additional Comments From djm at mindrot.org 2003-02-24 12:43 ------- I think that: [ -z "$SSH_AUTH_SOCK" ] && eval `ssh-agent -s` [ -z "$SSH_AGENT_PID" ] || ssh-add -l >/dev/null 2>&1 || ssh-add Is as effective and a lot more concise. On the other hand, fragile heuristics like: > export

Mon Dec 25 20:19:05 GMT 2000 Greetings. I noticed that in OpenSSH_2.2.0, DSA keys were allowed to be added to ssh-agent, however the ability for allowing ForwardAgent does not yet seem in place for protocol-2. I've noticed that when using protocol-2, no socket is created in /tmp/ssh-*/, and consequently SSH_AUTH_SOCK is not being set. Hence the ability to ssh to another machine (using

http://bugzilla.mindrot.org/show_bug.cgi?id=1159 Summary: %u and %h not handled in IdentityFile Product: Portable OpenSSH Version: 4.3p2 Platform: All URL: http://www.math.ualberta.ca/imaging/snfs/openssh.html OS/Version: Linux Status: NEW Keywords: patch Severity: normal Priority: P2

Here is the user-dependent IdentityFile patch for openssh3.5 (BSD version), which allows private key files to be placed system wide (for all users) in a secure (non-NFS) mounted location. This addresses an important security hole on systems where home directories are NFS mounted, particularly if there are users who use blank passphrases (or when lpd is tunneled through ssh on systems running lpd

On Tue, Jan 15, 2002 at 06:00:50PM -0000, John Bowman wrote: > > Date: Tue, 15 Jan 2002 17:29:44 +0100 > > From: Markus Friedl <markus at openbsd.org> > > Cc: openssh at openbsd.org > > Content-Type: text/plain; charset=us-ascii > > Content-Disposition: inline > > User-Agent: Mutt/1.3.25i > > > > On Tue, Jan 15, 2002 at 03:46:15PM -0000, John