https://bugzilla.mindrot.org/show_bug.cgi?id=3153
Roumen Petrov <[email protected]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |[email protected]

--- Comment #4 from Roumen Petrov <[email protected]> ---

I cannot understand what the issue with agent keys is.

The user starts the agent and adds some keys (identities). Those keys are expected to take precedence over all other keys, as they are loaded first!

Then, when the client is started, it could add other identities.

The IdentitiesOnly directive set to yes is intended to minimize the agent keys used.

Sample: agent with keys
agent1
agent2
agent3

To simplify, let us assume that the configuration does not add other identities.

a) client .. -i no_agent -i agent2 ..
If IdentitiesOnly is set to yes, the client should try "agent2" and "no_agent".

b) client .. -i no_agent ..
If IdentitiesOnly is set to yes, the client should try only "no_agent".

So I cannot see why IdentitiesOnly=yes is not a solution.

Reading the OpenSSH manual page, I partially agree with the first report:
----
-i identity_file
Selects a file from which the identity (private key) for public key authentication is read. The default is .... Identity files may also be specified on a per-host basis in the configuration file. It is possible to have multiple -i options (and multiple identities specified in configuration files).
----

The only thing missing is that ssh(1) does not suggest that the user see the IdentityFile directive in ssh_config(5) for more details, where:
----
IdentityFile
... Additionally, any identities represented by the authentication agent will be used for authentication unless IdentitiesOnly is set. ...
----

"Additionally" is not an appropriate word, as agent keys are loaded first and are expected to be used first.

It seems to me this report is just a documentation issue.
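The ordering described in comment #4, as an added example that is not part of the original message and is not OpenSSH code. It is a simplified model: keys are matched by name (a real client matches on the public key), the function name candidate_keys is hypothetical, and the IdentitiesOnly=no case goes one step beyond the comment's two cases by applying its statement that agent keys are loaded first.

```python
"""Simplified model of the key-selection behaviour described in comment #4.

Assumption: keys are identified by name; this is not OpenSSH's own code.
"""


def candidate_keys(agent_keys, identity_files, identities_only):
    """Return the identities in the order the client would try them.

    agent_keys      -- keys held by the agent, in agent order
    identity_files  -- identities named with -i or IdentityFile, in order
    identities_only -- value of the IdentitiesOnly directive
    """
    explicit = set(identity_files)
    if identities_only:
        # Only agent keys that were also named explicitly are kept.
        from_agent = [k for k in agent_keys if k in explicit]
    else:
        # Every agent key is a candidate.
        from_agent = list(agent_keys)
    # Agent keys are loaded first; explicit identities not in the agent follow.
    in_agent = set(from_agent)
    from_files = [k for k in identity_files if k not in in_agent]
    return from_agent + from_files


# Constructed sample: the agent from the comment's example.
AGENT = ["agent1", "agent2", "agent3"]


def demo():
    """Evaluate the comment's cases a) and b), plus a) without IdentitiesOnly."""
    cases = [
        ("a) IdentitiesOnly=yes", ["no_agent", "agent2"], True),
        ("b) IdentitiesOnly=yes", ["no_agent"], True),
        ("a) IdentitiesOnly=no", ["no_agent", "agent2"], False),
    ]
    return {label: candidate_keys(AGENT, ids, only) for label, ids, only in cases}


if __name__ == "__main__":
    for label, order in demo().items():
        print(f"{label:24} -> {order}")
```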
