similar to: IdentityFile vs IdentitiesOnly

Displaying 20 results from an estimated 1000 matches similar to: "IdentityFile vs IdentitiesOnly"

2019 Apr 02
2
IdentityFile vs IdentitiesOnly
Hi Darren, On 4/1/19 10:41 AM, Darren Tucker wrote: > On Mon, 1 Apr 2019 at 08:12, Harald Dunkel <harald.dunkel at aixigo.de> wrote: >> I've got a moderate number of keys in my ssh config file. >> Problem: Very often I get an error message like > [...] >> The solution seems to be to set IdentitiesOnly, e.g.: > [...] >> Shouldn't an explicit
2019 Oct 09
3
[Bug 3080] New: Document IdentityFile=none and clarify interaction of defaults with IdentitiesOnly
https://bugzilla.mindrot.org/show_bug.cgi?id=3080 Bug ID: 3080 Summary: Document IdentityFile=none and clarify interaction of defaults with IdentitiesOnly Product: Portable OpenSSH Version: 8.0p1 Hardware: Other OS: All Status: NEW Severity: normal Priority: P5
2011 Dec 13
3
ssh-agent and IdentityFile
I've noticed that the ssh-agent applies any keys it already has passwords for (via ssh-add) first, overriding the ssh config files for preferred identity file from .ssh/config and -i. This seems a documented behavior. However, this causes problems with some tool chains that use the authorized_keys command directive to change behavior based on which key is used. In my case, I use gitolite for
2024 Apr 19
2
[Bug 3681] New: SSH Agent Certificate Not Recognized with 'IdentitiesOnly' Configured
https://bugzilla.mindrot.org/show_bug.cgi?id=3681 Bug ID: 3681 Summary: SSH Agent Certificate Not Recognized with 'IdentitiesOnly' Configured Product: Portable OpenSSH Version: 9.7p1 Hardware: All OS: All Status: NEW Severity: trivial Priority: P5 Component:
2013 Jan 29
16
[Bug 2066] New: ssh tries the keys proposed by the agent before those passed with -i
https://bugzilla.mindrot.org/show_bug.cgi?id=2066 Bug ID: 2066 Summary: ssh tries the keys proposed by the agent before those passed with -i Classification: Unclassified Product: Portable OpenSSH Version: 6.0p1 Hardware: All OS: Linux Status: NEW Severity: normal
2019 Jul 03
5
using RedHat binary packages?
Hi folks, AFAIK CentOS uses RedHat's source RPMs for building the next CentOS release. I am not sure about the bootstrap procedure and the infra- structure packages, so lets put these corner cases aside. RedHat's "regular" binary and source packages are based on open source (GPL2, GPL3, Apache license, whatever). For building the binary RPMs other open source RPMs with
2011 Aug 25
1
Add missing -o options in ssh(1) manual
A few options appear to be missing from the list in ssh's manual. The one I didn't add is EnableSSHKeysign, whose description implies it is only effective when placed in the system-wide config file. Index: ssh.1 =================================================================== RCS file: /cvs/src/usr.bin/ssh/ssh.1,v retrieving revision 1.319 diff -u -p -r1.319 ssh.1 --- ssh.1 7 May 2011
2004 Jun 20
0
key management with ssh-agent, IdentityFile and info leakage
editors note: just now found something about IdentitiesOnly that might do the trick. there's some other stuff in here too. about preventing info leakage [keys for other sites] from appearing in the client<-->server key negotiation with ssh-agent and IdentityFile. ssh/config:IdentityFile - seems to indicate that only the specified key will be tried, and if that key fails, no other keys
2017 Jun 21
1
encoding/locale problem with ssh -X
Hi all, I am struggling with remote R sessions and a (I suspect) locale related encoding problem: Using the X11 device (X11forwarding enabled), whenever I try to plot something containing umlauts using ggplot2, I am seeing sth like ,---- | Error in grid.Call(L_stringMetric, as.graphicsAnnot(x$label)) : | invalid use of -61 < 0 in 'X11_MetricInfo' `---- Using base graphics is fine
2023 Nov 12
1
Match Principal enhancement
Hi OpenSSH devs, I?m wondering if the following has any merit and can be done securely ... If you could match on principals in the sshd_config, then (for example) on a gateway machine, you could have something like /etc/ssh/authorized_keys/sshfwd: cert-authority,principals=?batcha-fwd,batchb-fwd? ... /etc/ssh/sshd_config containing: Match User sshfwd PubkeyAuthentication yes
2023 Nov 12
1
Match Principal enhancement
AFAIK everything you described here could be done using the AuthorizedKeysCommand or AuthorizedPrincipalsCommand directives. These can emit authorized_keys options (inc. permitopen) as well as the allowed keys/principals. On Sun, 12 Nov 2023, Bret Giddings wrote: > Hi OpenSSH devs, > > I?m wondering if the following has any merit and can be done securely ... > > If you could
2009 Jan 22
0
Unintended key info disclosure via ForwardAgent?
It seems that users may be disclosing unintended public key info when logging into remote hosts. Use of the words keypair/keyid/etc have been bastardized. Signature is likely better. Note also, the author may be without clue. Setup: [g] - refers to an administrative group of hosts [n] - refers to a host within that group ws[g][n] - management workstations [trusted] User ssh-add's keys for
2013 Apr 30
3
[Bug 2095] New: ssh client not respecting IdentitiesOnly=yes option
https://bugzilla.mindrot.org/show_bug.cgi?id=2095 Bug ID: 2095 Summary: ssh client not respecting IdentitiesOnly=yes option Classification: Unclassified Product: Portable OpenSSH Version: 6.2p1 Hardware: All OS: All Status: NEW Severity: trivial Priority: P5 Component: ssh
2011 May 02
12
[Bug 1898] New: possible unreasonable behaviour when using ProxyCommand with multiple IdentityFile(s)
https://bugzilla.mindrot.org/show_bug.cgi?id=1898 Summary: possible unreasonable behaviour when using ProxyCommand with multiple IdentityFile(s) Product: Portable OpenSSH Version: 5.8p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: Miscellaneous
2020 Apr 23
6
[Bug 3153] New: Prefer user specified keys to avoid the agent overloading MaxAuthTries before even trying the key that was specified
https://bugzilla.mindrot.org/show_bug.cgi?id=3153 Bug ID: 3153 Summary: Prefer user specified keys to avoid the agent overloading MaxAuthTries before even trying the key that was specified Product: Portable OpenSSH Version: 8.2p1 Hardware: Other OS: Linux Status: NEW
2012 Jul 06
9
[Bug 2024] New: Allow to ssh client say to ssh-agent which key should be used.
https://bugzilla.mindrot.org/show_bug.cgi?id=2024 Priority: P5 Bug ID: 2024 Assignee: unassigned-bugs at mindrot.org Summary: Allow to ssh client say to ssh-agent which key should be used. Severity: enhancement Classification: Unclassified OS: Linux Reporter: pub at mnu.pp.ru Hardware:
2006 Feb 22
8
[Bug 1159] %u and %h not handled in IdentityFile
http://bugzilla.mindrot.org/show_bug.cgi?id=1159 Summary: %u and %h not handled in IdentityFile Product: Portable OpenSSH Version: 4.3p2 Platform: All URL: http://www.math.ualberta.ca/imaging/snfs/openssh.html OS/Version: Linux Status: NEW Keywords: patch Severity: normal Priority: P2
2005 Dec 05
3
Specification of identity for ssh client to use
Is there any way to tell the openssh client exactly which identity to use for an outgoing commection? I know about "-i identityfile", but it doesn't do what I want. I want to precisely specify the identity to use, not just add an identity to a list of things to try. Whatever mechanism is used should work both for local files and for identities managed by ssh-agent. My ssh client
2002 Jan 27
1
[PATCH] Add user-dependent IdentityFile to OpenSSH-3.0.2p1
Here is a patch to allow private key files to be placed system wide (for all users) in a secure (non-NFS) mounted location on systems where home directories are NFS mounted. This is especially important for users who use blank passphrases rather than ssh-agent (a good example of where this is necessary is for tunnelling lpd through ssh on systems that run lpd as user lp). IdentityFile now accepts
2024 Jun 05
2
Can one set an agent timeout for a specific host?
If I set a timeout for a specific host's key does it set the timeout for just that key/host? I.e. if I do something like in ~/.ssh/config:- # # # backup, use public-key authentication # Host backup IdentityFile ~/.ssh/backup_id_rsa IdentityAgent 600 Will it just time out the key saved for backup and leave any other keys with the default no timeout? --