[Bug 2970] New: explicit IdentityFile has lower priority than agent keys
bugzilla-daemon at bugzilla.mindrot.org
bugzilla-daemon at bugzilla.mindrot.org
Mon Feb 18 20:35:53 AEDT 2019
https://bugzilla.mindrot.org/show_bug.cgi?id=2970
Bug ID: 2970
Summary: explicit IdentityFile has lower priority than agent
keys
Product: Portable OpenSSH
Version: 7.9p1
Hardware: Other
OS: Windows 7
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh
Assignee: unassigned-bugs at mindrot.org
Reporter: basinilya at gmail.com
I need to offer a non-default ssh key when I access some git repos. In
my `~/.gitconfig` I have:
[url "git at gh-org:privateorg/"]
insteadOf = git at github.com:privateorg/
And in my `~/.ssh/config` I have:
Host gh-org
HostName github.com
IdentityFile ~/.ssh/zzz-basi01.id_rsa.disabled
`.disabled` means it should not be added to the agent automatically so
I don't have too many keys in it (to address "Too many authentication
failures" on password-protected servers).
However, if the key is *not* added to the agent, when I try to connect,
ssh first tries the agent keys:
debug1: Will attempt key: /home/basin/.ssh/id_rsa RSA xxxxx agent
debug1: Will attempt key: funktestkey RSA xxxx agent
debug1: Will attempt key:
/home/basin/.ssh/zzz-basi01.id_rsa.disabled explicit
...
debug1: Offering public key: /home/basin/.ssh/id_rsa RSA xxxxx
agent
...
debug1: Server accepts key: /home/basin/.ssh/id_rsa RSA xxxx agent
The workaround is to disable agent usage with `IdentityAgent none`.
However, I expect ssh to try the identities from agent and files in the
mixed manner, explicit first.
--
You are receiving this mail because:
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list