
[Bug 3062] New: ssh client ignores IdentitiesOnly=yes if the identity file isn't found
https://bugzilla.mindrot.org/show_bug.cgi?id=3062

Bug ID: 3062
Summary: ssh client ignores IdentitiesOnly=yes if the identity file isn't found
Product: Portable OpenSSH
Version: 8.0p1
Hardware: amd64
OS: Linux
Status: NEW
Severity: major
Priority: P5
Component: ssh
Assignee: unassigned-bugs@mindrot.org
Reporter: kormat@gmail.com

This ssh command will use any key the client can find through its
normal means (i.e. agent, and ~/.ssh/id_{algo}):

ssh -F /dev/null -o IdentitiesOnly=yes -i /something/that/doesnt/exist hostname

It will also ignore IdentitiesOnly=yes if no identity file is
specified:

ssh -F /dev/null -o IdentitiesOnly=yes hostname

I've tested this with:
- OpenSSH_7.2p2
- OpenSSH_7.9p1
- OpenSSH_8.0p1

This contradicts the documentation, which states:
Specifies that ssh(1) should only use the authentication identity and
certificate files explicitly configured in the ssh_config files or
passed on the ssh(1) command-line, even if ssh-agent(1) or a
PKCS11Provider offers more identities.
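
One way to check which keys a client is about to offer, as an added example that is not part of the original report or of OpenSSH itself. It assumes the "debug1: Will attempt key: ..." lines that newer OpenSSH clients print with -v, with trailing "explicit" and "agent" markers; the sample lines, fingerprints and function names are constructed for illustration.

```python
import re

# Constructed excerpt of `ssh -v` client output (not captured from a real session).
# Assumed format: "debug1: Will attempt key: <name> <TYPE> SHA256:<fp> [explicit] [agent]"
SAMPLE_DEBUG = """\
debug1: Reading configuration data /dev/null
debug1: Will attempt key: user@laptop RSA SHA256:CONSTRUCTED1 agent
debug1: Will attempt key: /home/user/.ssh/id_ed25519 ED25519 SHA256:CONSTRUCTED2
debug1: Will attempt key: /work/deploy_key ED25519 SHA256:CONSTRUCTED3 explicit agent
"""

KEY_LINE = re.compile(
    r"^debug1: Will attempt key: (?P<name>.+?) (?P<type>\S+) "
    r"(?P<fp>SHA256:\S+)(?P<flags>(?: \w+)*)[ \t]*$",
    re.MULTILINE,
)


def attempted_keys(debug_text):
    """Return one dict per key the client says it will try, in order."""
    keys = []
    for m in KEY_LINE.finditer(debug_text):
        flags = set(m.group("flags").split())
        keys.append({
            "name": m.group("name"),
            "type": m.group("type"),
            "fingerprint": m.group("fp"),
            # Assumption: "explicit" marks keys named via -i or IdentityFile.
            "explicit": "explicit" in flags,
            # Assumption: "agent" marks keys held by ssh-agent.
            "agent": "agent" in flags,
        })
    return keys


def unexpected_keys(debug_text):
    """Keys queued for authentication that were not explicitly configured."""
    return [k for k in attempted_keys(debug_text) if not k["explicit"]]


if __name__ == "__main__":
    for k in unexpected_keys(SAMPLE_DEBUG):
        source = "agent" if k["agent"] else "default file"
        print(f"not explicitly configured: {k['name']} ({k['type']}, {source})")
```

To use it on a real client, pass in the stderr of ssh -v run with the options under test instead of SAMPLE_DEBUG.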
