[Bug 3080] New: Document IdentityFile=none and clarify interaction of defaults with IdentitiesOnly
bugzilla-daemon at bugzilla.mindrot.org
bugzilla-daemon at bugzilla.mindrot.org
Wed Oct 9 19:54:51 AEDT 2019
https://bugzilla.mindrot.org/show_bug.cgi?id=3080
Bug ID: 3080
Summary: Document IdentityFile=none and clarify interaction of
defaults with IdentitiesOnly
Product: Portable OpenSSH
Version: 8.0p1
Hardware: Other
OS: All
Status: NEW
Severity: normal
Priority: P5
Component: Documentation
Assignee: unassigned-bugs at mindrot.org
Reporter: openssh at nuclearsunshine.com
Currently the documentation for IdentitiesOnly states:
"Specifies that ssh(1) should only use the authentication identity and
certificate files explicitly configured in the ssh_config files or
passed on the ssh(1) command-line..."
This is inaccurate, as with no IdentityFile configuration in
/etc/ssh/ssh_config or ~/.ssh/config, the *default* IdentityFile value
(documented but not *explicitly configured* is used when IdentitiesOnly
is set.
This is compounded by the fact that the mechanism for setting
IdentityFile to empty (using the special "none" string) is not
documented (see https://bugzilla.mindrot.org/show_bug.cgi?id=2362).
I suggest the following fixes:
* Update the IdentityFile documentation to mention the "none" string.
* Change the IdentitiesOnly documentation to say that it will use the
*default* IdentityFile configuration if that parameter is not
explicitly configured (and draw specific attention to this, as it's
unlikely to be what the user wants if they specify IdentitiesOnly - I
suggest recommending the above IdentityFile setting).
--
You are receiving this mail because:
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list