[Bug 2066] ssh tries the keys proposed by the agent before those passed with -i

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Sun Mar 24 23:11:22 EST 2013


https://bugzilla.mindrot.org/show_bug.cgi?id=2066

Jaap Eldering <eldering at a-eskwadraat.nl> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |eldering at a-eskwadraat.nl

--- Comment #7 from Jaap Eldering <eldering at a-eskwadraat.nl> ---
I have the same issue, related to using gitolite to access Git
repositories over SSH, see
http://superuser.com/questions/570356/how-to-override-ssh-default-identity
for a detailed description.

I'm running the same OpenSSH client version: Debian 6.0p1-4.

I have two keys that are accepted by the server: ~/.ssh/id_rsa and
~/.ssh/id_rsa_git, but I want to use the latter and I have set up the
following in ~/.ssh/config:

Host git
        Hostname router
        User gitolite
        ForwardX11 no
        ForwardAgent no
        GSSAPIAuthentication no
        IdentitiesOnly yes
        IdentityFile ~/.ssh/id_rsa_git

When my key ~/.ssh/id_rsa is loaded in ssh-agent it is offered first
(and accepted), while if I remove it from the agent, then
~/.ssh/id_rsa_git is offered and accepted. Specifying any of the
additional options IdentitiesOnly=yes or -i ~/.ssh/id_rsa_git does not
change the behaviour in either case.

A related comment: in the documentation I cannot find whether it is
possible to override the default IdentityFile's, nor if/how the order
of specifying these influences the order in which the ssh client offers
them.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.


More information about the openssh-bugs mailing list