Mailing List Archive

Can I disable IdentityFile?
I would like to ensure that I connect with myserver only using a
specific agent and never an IdentityFile. (It turns out that I had
accidentally been authenticating using one of the implicit
IdentityFile locations in .ssh)

I want my imaginary ssh configuration to be the equivalent of
host myserver
IdentityAgent /tmp/agentformyserver
IdentityFile never

I have tried setting an explicit "IdentityFile /dev/null" and
"IdentityFile /tmp/id_rsa_IGNORED". Ssh then ignores the
IdentityAgent and fails because the IdentityFile is empty or
rightfully not recognized by myserver.

Is there another way to do this?

M
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
Re: Can I disable IdentityFile?
M Rubon:

> I would like to ensure that I connect with myserver only using a
> specific agent and never an IdentityFile. (It turns out that I had
> accidentally been authenticating using one of the implicit
> IdentityFile locations in .ssh)
>
> I want my imaginary ssh configuration to be the equivalent of
> host myserver
> IdentityAgent /tmp/agentformyserver
> IdentityFile never
>
> I have tried setting an explicit "IdentityFile /dev/null" and
> "IdentityFile /tmp/id_rsa_IGNORED". Ssh then ignores the
> IdentityAgent and fails because the IdentityFile is empty or
> rightfully not recognized by myserver.

Works for me.

lorvorc$ env | fgrep SSH
SSH_AUTH_SOCK=/tmp/ssh-Q9qqL3TskHmZ/agent.1504
SSH_AGENT_PID=1505
lorvorc$ unset SSH_AUTH_SOCK
lorvorc$ ssh -oIdentityFile=/dev/null -oIdentityAgent=/tmp/ssh-Q9qqL3TskHmZ/agent.1504 partoc
partoc$

--
Christian "naddy" Weisgerber naddy@mips.inka.de
Re: Can I disable IdentityFile?
On Fri, 3 Jun 2022, M Rubon wrote:

> I would like to ensure that I connect with myserver only using a
> specific agent and never an IdentityFile. (It turns out that I had
> accidentally been authenticating using one of the implicit
> IdentityFile locations in .ssh)
>
> I want my imaginary ssh configuration to be the equivalent of
> host myserver
> IdentityAgent /tmp/agentformyserver
> IdentityFile never
>
> I have tried setting an explicit "IdentityFile /dev/null" and
> "IdentityFile /tmp/id_rsa_IGNORED". Ssh then ignores the
> IdentityAgent and fails because the IdentityFile is empty or
> rightfully not recognized by myserver.
>
> Is there another way to do this?

IdentityFile=none should work
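
Added example, not part of the thread or of OpenSSH: the configuration the original poster described, written with the "IdentityFile none" value suggested in the last reply, and a check over `ssh -G` output that no key file remains configured for the host. The helper name only_agent_configured and the sample output are constructed for illustration; the host name and socket path are the poster's.

```shell
#!/bin/sh
# Config entry discussed in the thread (goes in ~/.ssh/config):
#
#   Host myserver
#       IdentityAgent /tmp/agentformyserver
#       IdentityFile none
#
# only_agent_configured (hypothetical helper) reads `ssh -G <host>` output on
# stdin. It succeeds only if an identityagent is set and every identityfile
# entry is "none", i.e. no explicit or implicit key file is left.
only_agent_configured() {
    awk '
        $1 == "identityagent" { agent = $2 }
        $1 == "identityfile" && tolower($2) != "none" { files = files " " $2 }
        END {
            if (agent == "") { print "no identityagent set"; exit 1 }
            if (files != "") { print "key files still configured:" files; exit 1 }
            print "agent only: " agent
        }'
}

# Constructed samples in the keyword/value form that `ssh -G` prints.
SAMPLE_IMPLICIT='hostname myserver
identityagent /tmp/agentformyserver
identityfile ~/.ssh/id_rsa
identityfile ~/.ssh/id_ed25519'

SAMPLE_NONE='hostname myserver
identityagent /tmp/agentformyserver
identityfile none'

printf '%s\n' "$SAMPLE_IMPLICIT" | only_agent_configured || true
printf '%s\n' "$SAMPLE_NONE" | only_agent_configured

# Against a live configuration: ssh -G myserver | only_agent_configured
```

Running `ssh -v myserver` afterwards shows which identities are actually offered during authentication.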