IdentityFile option escape sequences

Gawain Bolton gawain.bolton at thalesgroup.com
Thu Apr 27 17:34:41 EST 2006 

Hello,

I'm using openssh-4.3p2 compiled for sparc-sun-solaris2.8.  I'm trying 
to use the IdentityFile option with the escape sequences for the remote 
host name (%h) and remote user name (%r) as documented in ssh-config 
<http://www.openbsd.org/cgi-bin/man.cgi?query=ssh_config&sektion=5&arch=&apropos=0&manpath=OpenBSD+Current>.

It seems the escape sequences do not work.  I have tried both using the 
command like option and an ssh-config file and the results are the same 
- it seems the escape sequences do not get expanded.   The example below 
shows that the option is _seen _by ssh, but the esacpe sequences are not 
expanded.

    sftp -v -oPasswordAuthentication=no
    -oIdentityFile=/var/opt/oss/data/config/ssh/%h_%r_id_dsa temip at bt1sss5t

Connecting to bt1sss5t...
OpenSSH_4.3p2, OpenSSL 0.9.8a 11 Oct 2005
debug1: Reading configuration data /usr/local/etc/ssh_config
debug1: Connecting to bt1sss5t [142.4.151.6] port 22.
debug1: Connection established.
debug1: identity file %h_%r_id_dsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_4.3
debug1: match: OpenSSH_4.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'bt1sss5t' is known and matches the RSA host key.
debug1: Found key in /usr/users/temip/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: 
publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
*debug1: Trying private key: %h_%r_id_dsa*
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: 
publickey,password,keyboard-interactive
debug1: No more authentication methods to try.
Permission denied (publickey,password,keyboard-interactive).
Connection closed

The private key *%h_%r_id_dsa* not at all what I was expecting.  Rather, 
I was expecting:

    /var/opt/oss/data/config/ssh/bt1sss5t_temip_id_dsa

I apologize in advance if this is a known problem or I am doing 
something which is known to be a stupid thing neophytes do...  In my 
defense, my searching of the mailing list archives and the web turned up 
nothing.

Cheers,

Gawain

-------------- next part --------------
A non-text attachment was scrubbed...
Name: gawain.bolton.vcf
Type: text/x-vcard
Size: 201 bytes
Desc: not available
Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20060427/9d456cec/attachment.vcf

More information about the openssh-unix-dev mailing list