Hi,
I noticed that the ssh -i <keyfile> option is "ignored" in my case:
On my server, I have two keys in .ssh/authorized_keys:
command="echo A" ssh-rsa A... # Key A
command="echo B" ssh-rsa B... # Key B
Suppose these keys are stored on my client as A{,.pub} and B{,.pub}. Now
the following situation:
$ ssh-add -L
ssh-rsa A...
$ ssh -i B server
A
As you can see, when A is loaded in ssh-agent but B isn't, the
connection is made with key A even when B is specifically requested.
I looked around the source and found a few hints here and there
(readconf.c:add_identity_files(), sshconnect2.c:pubkey_prepare(), the
"userprovided" tag in the Options struct...), but overall it's unclear
to me what the semantics of "-i" is actually meant to be.
What I always expected from "-i" was that only the keys given with -i
are tried, or at least these keys are tried first, irrespective of
whether or not they are loaded into ssh-agent.
I tried this with the versions from current Debian jessie, and also
compiled the developer version 8ef691 from 2015-03-11 and got the same
behaviour.
Many regards,
Jens Stimpfle
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
