Re: SSH_AUTH_SOCK behavior is completely insane

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

According to other replies gnome-keyring is involved so perhaps the fault lies in that. I doubt upstream ssh guys would override cli options with agent. Cli is usually the highest order of priority. I will try to investigate further and try to pinpoint the blame.

For now I managed to completely disable it system wide by adding export SSH_AUTH_SOCK="" in a /etc/profile.d script.


On 11/23/2017 04:18 AM, Eric Griffith wrote:
This is not just Fedora specific behavior. I ran into this a few days ago on a Mac after adding a bunch of keys to my agent (one per AWS region). Even if you specify a key with “-i” it will still go for the agent, resulting in an Auth failure. Not sure if specifying a key in the config will over ride it though, I didn’t try that. 

The fact that SSH prioritizes the agent over a manually specified key definitely smells like an upstream bug though. That’s not just counter intuitive that’s a blatant disregard of an explicit command specified by the user. 

Cheers!
Eric

On Nov 22, 2017, at 19:33, Todd Zullinger <tmz@xxxxxxxxx> wrote:

Tom Horsley wrote:
On Thu, 23 Nov 2017 00:06:11 +0100 cen wrote:

Anyone doing linux admin or dev work has more than 5 keys in their .ssh directory, rendering the agent completely USELESS PIECE OF SHIT PROGRAM.

Why? I do lots of linux admin work and I only have two keys.

I use a different key for each organization I'm working for/with.  I have a personal key, one for Fedora packaging, one for github, another for bitbucket, and several for different companies where I perform admin work.

You can certainly use one or two keys for all of that, but I don't think it's the best practice to do so.  Not everyone feels the same, but it's far from unusual to have quite a few keys.

--
Todd
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
If people are good only because they fear punishment, and hope for
reward, then we are a sorry lot indeed.
  -- Albert Einstein

_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx


_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx


_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux