[Bug 3080] New: Document IdentityFile=none and clarify interaction of defaults with IdentitiesOnly

bugzilla-daemon at bugzilla.mindrot.org
Wed Oct 9 19:54:51 AEDT 2019


https://bugzilla.mindrot.org/show_bug.cgi?id=3080

            Bug ID: 3080
           Summary: Document IdentityFile=none and clarify interaction of
                    defaults with IdentitiesOnly
           Product: Portable OpenSSH
           Version: 8.0p1
          Hardware: Other
                OS: All
            Status: NEW
          Severity: normal
          Priority: P5
         Component: Documentation
          Assignee: unassigned-bugs at mindrot.org
          Reporter: openssh at nuclearsunshine.com

Currently the documentation for IdentitiesOnly states:

"Specifies that ssh(1) should only use the authentication identity and
certificate files explicitly configured in the ssh_config files or
passed on the ssh(1) command-line..."

This is inaccurate, as with no IdentityFile configuration in
/etc/ssh/ssh_config or ~/.ssh/config, the *default* IdentityFile value
(documented but not *explicitly configured*) is used when IdentitiesOnly
is set.

This is compounded by the fact that the mechanism for setting
IdentityFile to empty (using the special "none" string) is not
documented (see https://bugzilla.mindrot.org/show_bug.cgi?id=2362).

I suggest the following fixes:

* Update the IdentityFile documentation to mention the "none" string.

* Change the IdentitiesOnly documentation to say that it will use the
*default* IdentityFile configuration if that parameter is not
explicitly configured (and draw specific attention to this, as it's
unlikely to be what the user wants if they specify IdentitiesOnly - I
suggest recommending the above IdentityFile setting).

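An added example, not part of the bug report or of OpenSSH: a small Python check that resolves IdentitiesOnly and IdentityFile for one host from a config file and reports the case the report describes, where IdentitiesOnly is set but the default identity files are still used. It is a simplified model (Match blocks and Include are skipped, command-line options are not modelled), and the host names and key paths in the sample are constructed.

```python
import fnmatch
import re
import shlex

DIRECTIVE = re.compile(r"^(\w+)(?:\s*=\s*|\s+)(.*)$")  # "Key value" or "Key=value"

def host_matches(patterns, host):
    """Host rule: at least one positive pattern matches and no '!' pattern does."""
    hit = False
    for pat in patterns:
        if fnmatch.fnmatchcase(host.lower(), pat.lstrip("!").lower()):
            if pat.startswith("!"):
                return False
            hit = True
    return hit

def identity_settings(config_text, host):
    """Resolve IdentitiesOnly/IdentityFile for host (Match and Include are skipped)."""
    active, identities_only, files = True, None, []
    for raw in config_text.splitlines():
        m = DIRECTIVE.match(raw.strip())
        if not m:                      # blank line or comment
            continue
        key, args = m.group(1).lower(), shlex.split(m.group(2))
        if key == "host":
            active = host_matches(args, host)
        elif key == "match":
            active = False             # simplification: Match criteria not evaluated
        elif active and args and key == "identitiesonly" and identities_only is None:
            identities_only = args[0].lower() in ("yes", "true")  # first value wins
        elif active and args and key == "identityfile":
            files.append(args[0])      # IdentityFile accumulates across blocks
    return {
        "identities_only": bool(identities_only),
        "explicit_files": [f for f in files if f.lower() != "none"],
        # Defaults apply only when no IdentityFile was set; "none" counts as set.
        "default_files_used": not files,
    }

# Constructed sample config; host names and key paths are made up.
SAMPLE = """\
Host bastion
    IdentitiesOnly yes

Host git.example
    IdentitiesOnly yes
    IdentityFile ~/.ssh/id_git

Host vault
    IdentitiesOnly yes
    IdentityFile=none
"""
```

A host for which `identities_only` and `default_files_used` are both true (here `bastion`) is the configuration the report calls out; `vault` shows the IdentityFile=none form that avoids it.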