IdentitiesOnly and PKCS

Dirk-Willem van Gulik dirkx at
Wed Dec 1 05:04:54 AEDT 2021

Is it just me - or does, since version 3.0.7, IdentitiesOnly no longer include PKCS#11 keys ?

With IdentitiesOnly set to yes - I see them getting picked up:

	debug2: pkcs11_fetch_keys: provider /Library/OpenSC/lib/ slot 0: RSA SHA256:etcetc
	debug1: have 2 keys

but not being offered. With IdentitiesOnly set to no (or without; the default) - they get offered.

Is that intentional ? Or what is the thinking behind this ?

With kind regards,


More information about the openssh-unix-dev mailing list