Displaying 20 results from an estimated 1000 matches similar to: "IdentityFile vs IdentitiesOnly"
2019 Apr 02
2
IdentityFile vs IdentitiesOnly
Hi Darren,
On 4/1/19 10:41 AM, Darren Tucker wrote:
> On Mon, 1 Apr 2019 at 08:12, Harald Dunkel <harald.dunkel at aixigo.de> wrote:
>> I've got a moderate number of keys in my ssh config file.
>> Problem: Very often I get an error message like
> [...]
>> The solution seems to be to set IdentitiesOnly, e.g.:
> [...]
>> Shouldn't an explicit
2019 Oct 09
3
[Bug 3080] New: Document IdentityFile=none and clarify interaction of defaults with IdentitiesOnly
https://bugzilla.mindrot.org/show_bug.cgi?id=3080
Bug ID: 3080
Summary: Document IdentityFile=none and clarify interaction of
defaults with IdentitiesOnly
Product: Portable OpenSSH
Version: 8.0p1
Hardware: Other
OS: All
Status: NEW
Severity: normal
Priority: P5
2011 Dec 13
3
ssh-agent and IdentityFile
I've noticed that the ssh-agent applies any keys it already has
passwords for (via ssh-add) first, overriding the ssh config files for
preferred identity file from .ssh/config and -i. This seems a
documented behavior.
However, this causes problems with some tool chains that use the
authorized_keys command directive to change behavior based on which
key is used.
In my case, I use gitolite for
2024 Apr 19
2
[Bug 3681] New: SSH Agent Certificate Not Recognized with 'IdentitiesOnly' Configured
https://bugzilla.mindrot.org/show_bug.cgi?id=3681
Bug ID: 3681
Summary: SSH Agent Certificate Not Recognized with
'IdentitiesOnly' Configured
Product: Portable OpenSSH
Version: 9.7p1
Hardware: All
OS: All
Status: NEW
Severity: trivial
Priority: P5
Component:
2013 Jan 29
16
[Bug 2066] New: ssh tries the keys proposed by the agent before those passed with -i
https://bugzilla.mindrot.org/show_bug.cgi?id=2066
Bug ID: 2066
Summary: ssh tries the keys proposed by the agent before those
passed with -i
Classification: Unclassified
Product: Portable OpenSSH
Version: 6.0p1
Hardware: All
OS: Linux
Status: NEW
Severity: normal
2019 Jul 03
5
using RedHat binary packages?
Hi folks,
AFAIK CentOS uses RedHat's source RPMs for building the next CentOS
release. I am not sure about the bootstrap procedure and the infrastructure
packages, so let's put these corner cases aside.
RedHat's "regular" binary and source packages are based on open source
(GPL2, GPL3, Apache license, whatever). For building the binary RPMs
other open source RPMs with
2011 Aug 25
1
Add missing -o options in ssh(1) manual
A few options appear to be missing from the list in ssh's manual.
The one I didn't add is EnableSSHKeysign, whose description implies
it is only effective when placed in the system-wide config file.
Index: ssh.1
===================================================================
RCS file: /cvs/src/usr.bin/ssh/ssh.1,v
retrieving revision 1.319
diff -u -p -r1.319 ssh.1
--- ssh.1 7 May 2011
2004 Jun 20
0
key management with ssh-agent, IdentityFile and info leakage
editor's note: just now found something about IdentitiesOnly that might do the
trick. there's some other stuff in here too.
about preventing info leakage [keys for other sites] from appearing in the
client<-->server key negotiation with ssh-agent and IdentityFile.
ssh/config:IdentityFile - seems to indicate that only the specified key will
be tried, and if that key fails, no other keys
2017 Jun 21
1
encoding/locale problem with ssh -X
Hi all,
I am struggling with remote R sessions and a (I suspect) locale related
encoding problem: Using the X11 device (X11forwarding enabled),
whenever I try to plot something containing umlauts using ggplot2, I am
seeing sth like
,----
| Error in grid.Call(L_stringMetric, as.graphicsAnnot(x$label)) :
| invalid use of -61 < 0 in 'X11_MetricInfo'
`----
Using base graphics is fine
2023 Nov 12
1
Match Principal enhancement
Hi OpenSSH devs,
I'm wondering if the following has any merit and can be done securely ...
If you could match on principals in the sshd_config, then (for example) on a gateway machine, you could have something like
/etc/ssh/authorized_keys/sshfwd:
cert-authority,principals="batcha-fwd,batchb-fwd" ...
/etc/ssh/sshd_config containing:
Match User sshfwd
PubkeyAuthentication yes
2023 Nov 12
1
Match Principal enhancement
AFAIK everything you described here could be done using the
AuthorizedKeysCommand or AuthorizedPrincipalsCommand directives. These
can emit authorized_keys options (inc. permitopen) as well as the allowed
keys/principals.
On Sun, 12 Nov 2023, Bret Giddings wrote:
> Hi OpenSSH devs,
>
> I'm wondering if the following has any merit and can be done securely ...
>
> If you could
2009 Jan 22
0
Unintended key info disclosure via ForwardAgent?
It seems that users may be disclosing unintended public key info
when logging into remote hosts.
Use of the words keypair/keyid/etc have been bastardized. Signature
is likely better. Note also, the author may be without clue.
Setup:
[g] - refers to an administrative group of hosts
[n] - refers to a host within that group
ws[g][n] - management workstations [trusted]
User ssh-add's keys for
2013 Apr 30
3
[Bug 2095] New: ssh client not respecting IdentitiesOnly=yes option
https://bugzilla.mindrot.org/show_bug.cgi?id=2095
Bug ID: 2095
Summary: ssh client not respecting IdentitiesOnly=yes option
Classification: Unclassified
Product: Portable OpenSSH
Version: 6.2p1
Hardware: All
OS: All
Status: NEW
Severity: trivial
Priority: P5
Component: ssh
2011 May 02
12
[Bug 1898] New: possible unreasonable behaviour when using ProxyCommand with multiple IdentityFile(s)
https://bugzilla.mindrot.org/show_bug.cgi?id=1898
Summary: possible unreasonable behaviour when using
ProxyCommand with multiple IdentityFile(s)
Product: Portable OpenSSH
Version: 5.8p1
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: Miscellaneous
2020 Apr 23
6
[Bug 3153] New: Prefer user specified keys to avoid the agent overloading MaxAuthTries before even trying the key that was specified
https://bugzilla.mindrot.org/show_bug.cgi?id=3153
Bug ID: 3153
Summary: Prefer user specified keys to avoid the agent
overloading MaxAuthTries before even trying the key
that was specified
Product: Portable OpenSSH
Version: 8.2p1
Hardware: Other
OS: Linux
Status: NEW
2012 Jul 06
9
[Bug 2024] New: Allow to ssh client say to ssh-agent which key should be used.
https://bugzilla.mindrot.org/show_bug.cgi?id=2024
Priority: P5
Bug ID: 2024
Assignee: unassigned-bugs at mindrot.org
Summary: Allow to ssh client say to ssh-agent which key should
be used.
Severity: enhancement
Classification: Unclassified
OS: Linux
Reporter: pub at mnu.pp.ru
Hardware:
2006 Feb 22
8
[Bug 1159] %u and %h not handled in IdentityFile
http://bugzilla.mindrot.org/show_bug.cgi?id=1159
Summary: %u and %h not handled in IdentityFile
Product: Portable OpenSSH
Version: 4.3p2
Platform: All
URL: http://www.math.ualberta.ca/imaging/snfs/openssh.html
OS/Version: Linux
Status: NEW
Keywords: patch
Severity: normal
Priority: P2
2005 Dec 05
3
Specification of identity for ssh client to use
Is there any way to tell the openssh client exactly which identity to
use for an outgoing connection? I know about "-i identityfile", but
it doesn't do what I want. I want to precisely specify the identity
to use, not just add an identity to a list of things to try. Whatever
mechanism is used should work both for local files and for identities
managed by ssh-agent.
My ssh client
2002 Jan 27
1
[PATCH] Add user-dependent IdentityFile to OpenSSH-3.0.2p1
Here is a patch to allow private key files to be placed system wide (for
all users) in a secure (non-NFS) mounted location on systems where home
directories are NFS mounted. This is especially important for users who use
blank passphrases rather than ssh-agent (a good example of where this is
necessary is for tunnelling lpd through ssh on systems that run lpd as user
lp).
IdentityFile now accepts
2024 Jun 05
2
Can one set an agent timeout for a specific host?
If I set a timeout for a specific host's key does it set the timeout
for just that key/host?
I.e. if I do something like in ~/.ssh/config:-
#
#
# backup, use public-key authentication
#
Host backup
IdentityFile ~/.ssh/backup_id_rsa
IdentityAgent 600
Will it just time out the key saved for backup and leave any other
keys with the default no timeout?
--