Key preference

Josef Wolf jw at raven.inka.de
Mon Sep 23 20:57:32 EST 2013


On Fr, Sep 20, 2013 at 11:47:06 +1000, Darren Tucker wrote:
> If your ssh-agent has keys those will be offered to the server first.
> You can change that with the IdentitiesOnly option.

So I tried to disable the other keys by unsetting the environment
variables. And here, I ran into a different problem.

Please note that in both connection attempts shown below, the same key is to
be used. The only difference is that SSH_AUTH_SOCK is unset in the first
attempt. I tried this in order to force usage of the identity on the command line.

Any ideas what's going on here?

raven:/var/cfsvn/conf # (unset SSH_AGENT; unset SSH_AUTH_SOCK; ssh -vvvv -i ~jw/.ssh/jw-jw.lan jw@raven.jw.lan)
OpenSSH_6.1p1, OpenSSL 1.0.1e 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 1: Applying options for *
debug1: /etc/ssh/ssh_config line 261: Applying options for *.jw.lan
debug2: ssh_connect: needpriv 0
debug1: permanently_set_uid: 0/0
debug3: Incorrect RSA1 identifier
debug3: Could not load "/home/jw/.ssh/jw-jw.lan" as a RSA1 public key
debug1: identity file /home/jw/.ssh/jw-jw.lan type 2
debug1: identity file /home/jw/.ssh/jw-jw.lan-cert type -1
debug1: identity file /root/.ssh/raven.jw.lan-dsa type -1
debug1: identity file /root/.ssh/raven.jw.lan-dsa-cert type -1
debug1: identity file /root/.ssh/raven.jw.lan-rsa type -1
debug1: identity file /root/.ssh/raven.jw.lan-rsa-cert type -1
debug1: identity file /root/.ssh/jw.lan-dsa type -1
debug1: identity file /root/.ssh/jw.lan-dsa-cert type -1
debug1: identity file /root/.ssh/jw.lan-rsa type -1
debug1: identity file /root/.ssh/jw.lan-rsa-cert type -1
debug1: identity file /root/.ssh/gem-dsa type -1
debug1: identity file /root/.ssh/gem-dsa-cert type -1
debug1: identity file /root/.ssh/gem-rsa type -1
debug1: identity file /root/.ssh/gem-rsa-cert type -1
debug1: permanently_drop_suid: 0
Permission denied (publickey).
ssh_exchange_identification: Connection closed by remote host


raven:/var/cfsvn/conf # (unset SSH_AGENT; ssh -vvvv -i ~jw/.ssh/jw-jw.lan jw@raven.jw.lan)
OpenSSH_6.1p1, OpenSSL 1.0.1e 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 1: Applying options for *
debug1: /etc/ssh/ssh_config line 261: Applying options for *.jw.lan
debug2: ssh_connect: needpriv 0
debug1: permanently_set_uid: 0/0
debug3: Incorrect RSA1 identifier
debug3: Could not load "/home/jw/.ssh/jw-jw.lan" as a RSA1 public key
debug1: permanently_drop_suid: 0
debug1: identity file /home/jw/.ssh/jw-jw.lan type 2
debug1: identity file /home/jw/.ssh/jw-jw.lan-cert type -1
debug1: identity file /root/.ssh/raven.jw.lan-dsa type -1
debug1: identity file /root/.ssh/raven.jw.lan-dsa-cert type -1
debug1: identity file /root/.ssh/raven.jw.lan-rsa type -1
debug1: identity file /root/.ssh/raven.jw.lan-rsa-cert type -1
debug1: identity file /root/.ssh/jw.lan-dsa type -1
debug1: identity file /root/.ssh/jw.lan-dsa-cert type -1
debug1: identity file /root/.ssh/jw.lan-rsa type -1
debug1: identity file /root/.ssh/jw.lan-rsa-cert type -1
debug1: identity file /root/.ssh/gem-dsa type -1
debug1: identity file /root/.ssh/gem-dsa-cert type -1
debug1: identity file /root/.ssh/gem-rsa type -1
debug1: identity file /root/.ssh/gem-rsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.2
[Connection proceeds normally]



-- 
Josef Wolf
jw at raven.inka.de
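
Added example, not part of the original post: a small Python helper for comparing `ssh -v` transcripts like the two above. It lists which identity files loaded (any type other than -1), whether the log reached the `Remote protocol version` line, and any non-debug messages. The sample logs are abbreviated copies of the transcripts, and the function and field names are this example's own.

```python
import re

# Constructed sample input: abbreviated copies of the two transcripts in the post.
FIRST = """\
debug1: identity file /home/jw/.ssh/jw-jw.lan type 2
debug1: identity file /home/jw/.ssh/jw-jw.lan-cert type -1
debug1: identity file /root/.ssh/gem-rsa type -1
debug1: permanently_drop_suid: 0
Permission denied (publickey).
ssh_exchange_identification: Connection closed by remote host
"""
SECOND = """\
debug1: permanently_drop_suid: 0
debug1: identity file /home/jw/.ssh/jw-jw.lan type 2
debug1: identity file /home/jw/.ssh/jw-jw.lan-cert type -1
debug1: identity file /root/.ssh/gem-rsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.2
"""

IDENTITY = re.compile(r"^debug1: identity file (\S+) type (-?\d+)$")
BANNER = re.compile(r"^debug1: Remote protocol version \S+, remote software version (\S+)")


def summarize(log):
    """Summarize one `ssh -v` transcript (field names are this example's own)."""
    out = {"loaded": [], "not_loaded": [], "server": None, "messages": []}
    for line in filter(None, map(str.strip, log.splitlines())):
        ident = IDENTITY.match(line)
        banner = BANNER.match(line)
        if ident:
            # ssh logs type -1 when no public key could be loaded from the path.
            key = "not_loaded" if ident.group(2) == "-1" else "loaded"
            out[key].append(ident.group(1))
        elif banner:
            out["server"] = banner.group(1)  # server identification was read
        elif not re.match(r"debug\d: ", line):
            out["messages"].append(line)  # non-debug output, e.g. errors
    return out


def compare(a, b):
    """Return only the fields that differ between two summaries."""
    return {k: (a[k], b[k]) for k in a if a[k] != b[k]}


if __name__ == "__main__":
    one, two = summarize(FIRST), summarize(SECOND)
    for name, s in (("first", one), ("second", two)):
        print(name, "loaded:", s["loaded"], "server banner:", s["server"])
    print("differences:", compare(one, two))
```

On the sample input the two summaries agree on the identity files and differ only in the server banner and the non-debug messages.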


More information about the openssh-unix-dev mailing list