IdentityFile vs IdentitiesOnly
Darren Tucker
dtucker at dtucker.net
Mon Apr 1 19:41:42 AEDT 2019
On Mon, 1 Apr 2019 at 08:12, Harald Dunkel <harald.dunkel at aixigo.de> wrote:
> I've got a moderate number of keys in my ssh config file.
> Problem: Very often I get an error message like
[...]
> The solution seems to be to set IdentitiesOnly, e.g.:
[...]
> Shouldn't an explicit IdentityFile (as in the example) *imply*
> IdentitiesOnly?
Probably not. What version are you using? Is this key in the agent
or do you need to supply a passphrase?
For recent versions each key has an annotation that says whether or
not the key file was supplied by the user (ie either in the config
file or on the command line). It should prefer keys that were both
specified in the config *and* in the agent, and it should try them in
the order they were supplied. If you're running into a situation
where this doesn't work, then it is likely you are either using a
version prior to that behaviour or there's a bug in it.
Can you post the subset of your config file(s) that causes the
behaviour? You'll need to include any Host entries that match the
system you're experiencing the problem with (including any wildcards a
and the implicit "Host *" at the start for the file) any IdentityFile
directives, but nothing else. (You'll also need to consider entries
in the host-wide ssh_config, if you have any).
--
Darren Tucker (dtucker at dtucker.net)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new)
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
More information about the openssh-unix-dev
mailing list