https://bugzilla.mindrot.org/show_bug.cgi?id=2970
Bug ID: 2970
Summary: explicit IdentityFile has lower priority than agent
keys
Product: Portable OpenSSH
Version: 7.9p1
Hardware: Other
OS: Windows 7
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh
Assignee: [email protected]
Reporter: [email protected]
I need to offer a non-default ssh key when I access some git repos. In
my `~/.gitconfig` I have:
[url "git@gh-org:privateorg/"]
insteadOf = [email protected]:privateorg/
And in my `~/.ssh/config` I have:
Host gh-org
HostName github.com
IdentityFile ~/.ssh/zzz-basi01.id_rsa.disabled
`.disabled` means it should not be added to the agent automatically so
I don't have too many keys in it (to address "Too many authentication
failures" on password-protected servers).
However, if the key is *not* added to the agent, when I try to connect,
ssh first tries the agent keys:
debug1: Will attempt key: /home/basin/.ssh/id_rsa RSA xxxxx agent
debug1: Will attempt key: funktestkey RSA xxxx agent
debug1: Will attempt key:
/home/basin/.ssh/zzz-basi01.id_rsa.disabled explicit
...
debug1: Offering public key: /home/basin/.ssh/id_rsa RSA xxxxx
agent
...
debug1: Server accepts key: /home/basin/.ssh/id_rsa RSA xxxx agent
The workaround is to disable agent usage with `IdentityAgent none`.
However, I expect ssh to try the identities from agent and files in the
mixed manner, explicit first.
--
You are receiving this mail because:
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
[email protected]
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
