https://bugzilla.mindrot.org/show_bug.cgi?id=3153
--- Comment #3 from Christian Ehrhardt <[email protected]> --- Hi Damien, the suggested IdentitiesOnly=explicit is interesting, but it won't cover the part of the users that need the fix the most. I was mostly thinking about the less experienced users - those who'd not understand why things are failing and not know how to hunt for the existing workarounds. The IdentitiesOnly=explicit option would only fix it for those people that know what is going on (as they need to set it) unless if it would be the default config value. But as default it would break plenty of other use cases. But thinking about configs, maybe we'd want/need to go a step further. Today the preference order is in the code, maybe we'd want to expose that as a config. With my patch applied we have 6 classes of Auth to offer. We might apply my patch, but then revamp it completely to have the order configurable. The following would represent the order with my patch applied: IdentitiesOrder=key-explicit,cert-configured,cert-other,key-agent-configured,key-agent,key-other Everyone is welcome to bikeshed on the terms, but it actually was more about discussing the idea :-) -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug. _______________________________________________ openssh-bugs mailing list [email protected] https://lists.mindrot.org/mailman/listinfo/openssh-bugs
