Mailing List Archive

[Bug 3153] Prefer user specified keys to avoid the agent overloading MaxAuthTries before even trying the key that was specified
https://bugzilla.mindrot.org/show_bug.cgi?id=3153

Roumen Petrov <bugtrack@roumenpetrov.info> changed:

What |Removed |Added
----------------------------------------------------------------------------
CC| |bugtrack@roumenpetrov.info

--- Comment #4 from Roumen Petrov <bugtrack@roumenpetrov.info> ---
I cannot understand what the issue with agent keys is.

The user starts the agent and adds some keys (identities). Those keys
are expected to take precedence over all other keys, as they are loaded
first! Then, when the client is started, it could add other identities.

The directive IdentitiesOnly set to yes is intended to minimize the
agent keys used.


Sample:
agent with keys
agent1
agent2
agent3

To simplify, let us assume that the configuration does not add other
identities.

a) client .. -i no_agent -i agent2 ..

If IdentitiesOnly is set to yes, the client should try "agent2" and
"no_agent".

b) client .. -i no_agent ..
If IdentitiesOnly is set to yes, the client should try only "no_agent".


So I cannot see why IdentitiesOnly=yes is not a solution.



Reading the OpenSSH manual page, I partially agree with the first report:
----
-i identity_file
Selects a file from which the identity (private key) for public key
authentication is read. The default is .... Identity files may also be
specified on a per-host basis in the configuration file. It is
possible to have multiple -i options (and multiple identities specified
in configuration files).
----

The only thing missing is that ssh(1) does not suggest that the user
see the IdentityFile directive in ssh_config(5) for more details, where:
----
IdentityFile
...
Additionally, any identities represented by the authentication agent
will be used for authentication unless IdentitiesOnly is set.
...
----

"Additionally" is not an appropriate word, as agent keys are loaded
first and are expected to be used first.


It seems to me this report is just a documentation issue.

openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
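
An added example, not part of the original message and not OpenSSH code: a small Python model of the key offer order for the sample in comment #4, checking whether the key given with -i is reached within a server attempt limit. The ordering rule (agent keys also named with -i, then other agent keys, then -i identities not in the agent), the function names and the limit of 3 are assumptions of this example.

```python
# Model of the client-side offer order discussed in comment #4.
# Assumption of this example (not taken from OpenSSH source): agent keys
# named with -i are offered first, then the remaining agent keys unless
# IdentitiesOnly=yes, then -i identities that are not held by the agent.

AGENT_KEYS = ["agent1", "agent2", "agent3"]  # sample agent from the comment


def candidate_order(agent_keys, cli_identities, identities_only):
    """Return the list of keys in the order the client would offer them."""
    named = set(cli_identities)
    in_agent = set(agent_keys)
    # Agent keys that the user also named with -i keep their agent order.
    order = [k for k in agent_keys if k in named]
    if not identities_only:
        # Without IdentitiesOnly every other agent key is offered as well.
        order += [k for k in agent_keys if k not in named]
    # Identities that exist only as files come after all agent keys.
    order += [k for k in cli_identities if k not in in_agent]
    return order


def offers_before(order, wanted):
    """Number of keys offered before `wanted`, or None if it is never offered."""
    return order.index(wanted) if wanted in order else None


def reachable(order, wanted, max_auth_tries):
    """True if `wanted` is offered before the server's attempt limit is hit."""
    pos = offers_before(order, wanted)
    return pos is not None and pos < max_auth_tries


if __name__ == "__main__":
    limit = 3  # constructed MaxAuthTries value, chosen to match the 3-key agent
    for only in (False, True):
        order = candidate_order(AGENT_KEYS, ["no_agent"], only)
        print(f"IdentitiesOnly={'yes' if only else 'no'}: {order} "
              f"reachable={reachable(order, 'no_agent', limit)}")
```

With the three-key agent and a limit of 3, the model shows the -i key being offered fourth when IdentitiesOnly is not set, and first when it is.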