[Bug 3186] New: ProxyJump should include IdentityFile when specified
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Wed Jun 24 10:40:37 AEST 2020
https://bugzilla.mindrot.org/show_bug.cgi?id=3186
Bug ID: 3186
Summary: ProxyJump should include IdentityFile when specified
Product: Portable OpenSSH
Version: 8.3p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh
Assignee: unassigned-bugs at mindrot.org
Reporter: david at systemoverlord.com
While ProxyJump (-J) is documented as not taking the configuration for
the destination host (which makes sense for most things, like port
forwarding, X11 forwarding, environment, etc.), it seems that it's not
uncommon to want to use the same SSH key to authenticate to both hosts.
In such cases, passing -i on the command line fails as it's not used
for authenticating to the jump host.
I believe that when -J and -i are both used on the command line, the
provided identity file should also be attempted for the jump host, and
there's little risk (aside from exposing the fingerprint of the
additional public key to the intermediate host).
--
You are receiving this mail because:
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list