[Bug 2066] ssh tries the keys proposed by the agent before those passed with -i
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Fri Feb 8 11:33:35 EST 2013
https://bugzilla.mindrot.org/show_bug.cgi?id=2066
--- Comment #4 from Paul Wise <pabs3 at bonedaddy.net> ---
There are two keys:
One is password-protected. This key is listed in the Hosts *
IdentityFile in ~/.ssh/config and added to the ssh-agent with ssh-add
-c, meaning it requires confirmation before use.
The other is not password-protected. It is not added to the ssh-agent.
Its use is command-limited on the server side to pulling from git
repositories:
command="/usr/bin/git-upload-pack ${SSH_ORIGINAL_COMMAND#*
}",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty
ssh-rsa ...
In order to use the passwordless key for git pull but not git push, I
set GIT_SSH to a script that does this instead when connecting to a
host that supports my passwordless key:
unset SSH_AUTH_SOCK <--- This part is a workaround for this bug (2066)
ssh -o 'ControlMaster auto' -o 'ControlPath
~/.ssh/git-control-%l->%r@%h:%p' -i ~/.ssh/my-git-key "$@"
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
More information about the openssh-bugs
mailing list