[Bug 3186] New: ProxyJump should include IdentityFile when specified

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Wed Jun 24 10:40:37 AEST 2020


https://bugzilla.mindrot.org/show_bug.cgi?id=3186

            Bug ID: 3186
           Summary: ProxyJump should include IdentityFile when specified
           Product: Portable OpenSSH
           Version: 8.3p1
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: ssh
          Assignee: unassigned-bugs at mindrot.org
          Reporter: david at systemoverlord.com

While ProxyJump (-J) is documented as not taking the configuration for
the destination host (which makes sense for most things, like port
forwarding, X11 forwarding, environment, etc.), it seems that it's not
uncommon to want to use the same SSH key to authenticate to both hosts.
 In such cases, passing -i on the command line fails as it's not used
for authenticating to the jump host.

I believe that when -J and -i are both used on the command line, the
provided identity file should also be attempted for the jump host, and
there's little risk (aside from exposing the fingerprint of the
additional public key to the intermediate host).

-- 
You are receiving this mail because:
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list