https://bugzilla.mindrot.org/show_bug.cgi?id=2951

            Bug ID: 2951
           Summary: command line key options ignored for jumphost
           Product: Portable OpenSSH
           Version: 7.7p1
          Hardware: amd64
                OS: Mac OS X
            Status: NEW
          Severity: normal
          Priority: P5
         Component: ssh
          Assignee: [email protected]
          Reporter: [email protected]

The -J option of ssh allows connecting via a "jump" host.  However, I
am unable to specify a key to use for the jump host on the command
line.

Command:
> ssh -i keyfile -J [email protected] [email protected]

Expected behavior:
ssh authenticates to jumphost with key in keyfile, then proceeds to
connect to final host.  Final host may use same or different key.

Actual behavior:
[email protected]: Permission denied
(publickey,gssapi-keyex,gssapi-with-mic).
ssh_exchange_identification: Connection closed by remote host

Using verbose options it is clear that keyfile is never offered to the
bastion host during authentication.  Adding -o AddKeysToAgent=yes has
no effect. Putting AddKeysToAgent in ssh config file also has no
effect. It seems clear that any options relating to keys are ignored
when connecting to the jumphost.  The only way to have a keyfile for
the jumphost is to pre-add it to the ssh-agent with ssh-add, or modify
the ssh config file.  There are use cases where this is not desirable
(e.g. use in scripts, keys are rotated or expired often, ssh-agent is not
running, local host account is shared, etc).

The intuitive behavior would be for the -i and relevant -o options to
be applied before connecting to the jumphost.
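
For the script use case described in the report, one way to give the jump host its own key without ssh-agent or config file changes is to write the hop as an explicit ProxyCommand instead of -J. This is an added example, not part of the bug report or of OpenSSH; the function names, hosts and key paths are hypothetical placeholders.

```shell
#!/bin/sh
# Added example: the jump hop is a second ssh started via ProxyCommand,
# so it can carry its own -i. All hosts and key paths are placeholders.

# Single-quote a value for the shell that ssh uses to run ProxyCommand.
shquote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Print the ProxyCommand string: jump_proxy_command JUMP_KEY USER@JUMPHOST
jump_proxy_command() {
    jump_key=$1
    jump_dest=$2
    # A destination starting with '-' would be parsed by ssh as an option.
    case $jump_dest in
        ''|-*) echo "refusing jump destination: $jump_dest" >&2; return 1 ;;
    esac
    [ -n "$jump_key" ] || { echo "jump key path is empty" >&2; return 1; }
    # ssh expands %-tokens in ProxyCommand, so a literal % must be doubled.
    key_esc=$(printf '%s' "$jump_key" | sed 's/%/%%/g')
    dest_esc=$(printf '%s' "$jump_dest" | sed 's/%/%%/g')
    # IdentitiesOnly=yes makes the hop offer only the key named with -i.
    printf "ssh -i %s -o IdentitiesOnly=yes -W '[%%h]:%%p' %s" \
        "$(shquote "$key_esc")" "$(shquote "$dest_esc")"
}

# ssh_via_jump JUMP_KEY USER@JUMPHOST TARGET_KEY USER@TARGET [ssh args...]
ssh_via_jump() {
    [ "$#" -ge 4 ] || { echo "need 4 arguments" >&2; return 1; }
    proxy=$(jump_proxy_command "$1" "$2") || return 1
    target_key=$3
    target_dest=$4
    shift 4
    case $target_dest in
        ''|-*) echo "refusing target destination: $target_dest" >&2; return 1 ;;
    esac
    # The final host gets its own key, which may differ from the jump key.
    ssh -i "$target_key" -o IdentitiesOnly=yes \
        -o "ProxyCommand=$proxy" "$target_dest" "$@"
}
```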

_______________________________________________
openssh-bugs mailing list
[email protected]
https://lists.mindrot.org/mailman/listinfo/openssh-bugs