Displaying 20 results from an estimated 1000 matches similar to: "[Bug 3080] New: Document IdentityFile=none and clarify interaction of defaults with IdentitiesOnly"
2019 Apr 01
2
IdentityFile vs IdentitiesOnly
Hi folks,
I've got a moderate number of keys in my ssh config file.
Problem: Very often I get an error message like
Received disconnect from 2001:db8::8077 port 999:2: Too many authentication failures
Authentication failed.
AFAIU the ssh-agent is to blame here, trying out all keys
he has ever seen. This conflicts with MaxAuthTries 6, set by
default on the peer.
The solution seems to be to
2019 Apr 02
2
IdentityFile vs IdentitiesOnly
Hi Darren,
On 4/1/19 10:41 AM, Darren Tucker wrote:
> On Mon, 1 Apr 2019 at 08:12, Harald Dunkel <harald.dunkel at aixigo.de> wrote:
>> I've got a moderate number of keys in my ssh config file.
>> Problem: Very often I get an error message like
> [...]
>> The solution seems to be to set IdentitiesOnly, e.g.:
> [...]
>> Shouldn't an explicit
2011 Dec 13
3
ssh-agent and IdentityFile
I've noticed that the ssh-agent applies any keys it already has
passwords for (via ssh-add) first, overriding the ssh config files for
preferred identity file from .ssh/config and -i. This seems a
documented behavior.
However, this causes problems with some tool chains that use the
authorized_keys command directive to change behavior based on which
key is used.
In my case, I use gitolite for
2013 Jan 29
16
[Bug 2066] New: ssh tries the keys proposed by the agent before those passed with -i
https://bugzilla.mindrot.org/show_bug.cgi?id=2066
Bug ID: 2066
Summary: ssh tries the keys proposed by the agent before those
passed with -i
Classification: Unclassified
Product: Portable OpenSSH
Version: 6.0p1
Hardware: All
OS: Linux
Status: NEW
Severity: normal
2011 Aug 25
1
Add missing -o options in ssh(1) manual
A few options appear to be missing from the list in ssh's manual.
The one I didn't add is EnableSSHKeysign, whose description implies
it is only effective when placed in the system-wide config file.
Index: ssh.1
===================================================================
RCS file: /cvs/src/usr.bin/ssh/ssh.1,v
retrieving revision 1.319
diff -u -p -r1.319 ssh.1
--- ssh.1 7 May 2011
2017 Jun 21
1
encoding/locale problem with ssh -X
Hi all,
I am struggling with remote R sessions and a (I suspect) locale related
encoding problem: Using the X11 device (X11forwarding enabled),
whenever I try to plot something containing umlauts using ggplot2, I am
seeing sth like
,----
| Error in grid.Call(L_stringMetric, as.graphicsAnnot(x$label)) :
| invalid use of -61 < 0 in 'X11_MetricInfo'
`----
Using base graphics is fine
2004 Jun 20
0
key management with ssh-agent, IdentityFile and info leakage
editors note: just now found something about IdentitiesOnly that might do the
trick. there's some other stuff in here too.
about preventing info leakage [keys for other sites] from appearing in the
client<-->server key negotiation with ssh-agent and IdentityFile.
ssh/config:IdentityFile - seems to indicate that only the specified key will
be tried, and if that key fails, no other keys
2023 Nov 12
1
Match Principal enhancement
Hi OpenSSH devs,
I?m wondering if the following has any merit and can be done securely ...
If you could match on principals in the sshd_config, then (for example) on a gateway machine, you could have something like
/etc/ssh/authorized_keys/sshfwd:
cert-authority,principals=?batcha-fwd,batchb-fwd? ...
/etc/ssh/sshd_config containing:
Match User sshfwd
PubkeyAuthentication yes
2023 Nov 12
1
Match Principal enhancement
AFAIK everything you described here could be done using the
AuthorizedKeysCommand or AuthorizedPrincipalsCommand directives. These
can emit authorized_keys options (inc. permitopen) as well as the allowed
keys/principals.
On Sun, 12 Nov 2023, Bret Giddings wrote:
> Hi OpenSSH devs,
>
> I?m wondering if the following has any merit and can be done securely ...
>
> If you could
2013 Apr 30
3
[Bug 2095] New: ssh client not respecting IdentitiesOnly=yes option
https://bugzilla.mindrot.org/show_bug.cgi?id=2095
Bug ID: 2095
Summary: ssh client not respecting IdentitiesOnly=yes option
Classification: Unclassified
Product: Portable OpenSSH
Version: 6.2p1
Hardware: All
OS: All
Status: NEW
Severity: trivial
Priority: P5
Component: ssh
2009 Jan 22
0
Unintended key info disclosure via ForwardAgent?
It seems that users may be disclosing unintended public key info
when logging into remote hosts.
Use of the words keypair/keyid/etc have been bastardized. Signature
is likely better. Note also, the author may be without clue.
Setup:
[g] - refers to an administrative group of hosts
[n] - refers to a host within that group
ws[g][n] - management workstations [trusted]
User ssh-add's keys for
2020 Apr 23
6
[Bug 3153] New: Prefer user specified keys to avoid the agent overloading MaxAuthTries before even trying the key that was specified
https://bugzilla.mindrot.org/show_bug.cgi?id=3153
Bug ID: 3153
Summary: Prefer user specified keys to avoid the agent
overloading MaxAuthTries before even trying the key
that was specified
Product: Portable OpenSSH
Version: 8.2p1
Hardware: Other
OS: Linux
Status: NEW
2011 May 02
12
[Bug 1898] New: possible unreasonable behaviour when using ProxyCommand with multiple IdentityFile(s)
https://bugzilla.mindrot.org/show_bug.cgi?id=1898
Summary: possible unreasonable behaviour when using
ProxyCommand with multiple IdentityFile(s)
Product: Portable OpenSSH
Version: 5.8p1
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: Miscellaneous
2012 Jul 06
9
[Bug 2024] New: Allow to ssh client say to ssh-agent which key should be used.
https://bugzilla.mindrot.org/show_bug.cgi?id=2024
Priority: P5
Bug ID: 2024
Assignee: unassigned-bugs at mindrot.org
Summary: Allow to ssh client say to ssh-agent which key should
be used.
Severity: enhancement
Classification: Unclassified
OS: Linux
Reporter: pub at mnu.pp.ru
Hardware:
2005 Dec 05
3
Specification of identity for ssh client to use
Is there any way to tell the openssh client exactly which identity to
use for an outgoing commection? I know about "-i identityfile", but
it doesn't do what I want. I want to precisely specify the identity
to use, not just add an identity to a list of things to try. Whatever
mechanism is used should work both for local files and for identities
managed by ssh-agent.
My ssh client
2006 Feb 22
8
[Bug 1159] %u and %h not handled in IdentityFile
http://bugzilla.mindrot.org/show_bug.cgi?id=1159
Summary: %u and %h not handled in IdentityFile
Product: Portable OpenSSH
Version: 4.3p2
Platform: All
URL: http://www.math.ualberta.ca/imaging/snfs/openssh.html
OS/Version: Linux
Status: NEW
Keywords: patch
Severity: normal
Priority: P2
2002 Jan 27
1
[PATCH] Add user-dependent IdentityFile to OpenSSH-3.0.2p1
Here is a patch to allow private key files to be placed system wide (for
all users) in a secure (non-NFS) mounted location on systems where home
directories are NFS mounted. This is especially important for users who use
blank passphrases rather than ssh-agent (a good example of where this is
necessary is for tunnelling lpd through ssh on systems that run lpd as user
lp).
IdentityFile now accepts
2015 Oct 16
2
Is there any solution, or even work on, limiting which keys gets forwarded where?
On Thu, Oct 15, 2015 at 07:02:58PM -0400, Nico Kadel-Garcia wrote:
> On Thu, Oct 15, 2015 at 10:34 AM, hubert depesz lubaczewski
> <depesz at depesz.com> wrote:
> > Hi,
> >
> > I'm in a situation where I'm using multiple SSH keys, each to connect to
> > different set of servers.
> >
> > I can't load/unload keys on demand, as I usually am
2004 May 12
3
Oddness with agent forwarding and -i
Hey everyone,
I hope this isn't an old issue; I wasn't able to
locate it in the archives.
I have a number of scripts which make use of ssh -i
and scp -i, where the target host has the specified
key in its authorized_keys file with a command=
override to do immediate processing of the received
data. This works extremely well, as we are able to
establish single-function, triggered-action
2016 Jan 21
4
Selecting specific key from agent
There are cases when a user might have multiple keys in ssh-agent, but
wants to use a specific one. Unless I'm mistaken, this is currently
impossible. I've put together a proof of concept using the key's
"filename" (the third column in the output of 'ssh-add -l') and it
works.
Is this a new feature that would be accepted? If so, should the key be
identified with its