ssh -i option does not work properly with ssh-agent

Hi,

I noticed that the ssh -i <keyfile> option is "ignored" in my case:

On my server, I have two keys in .ssh/authorized_keys:

command="echo A" ssh-rsa A...  # Key A
command="echo B" ssh-rsa B...  # Key B

Suppose these keys are stored on my client as A{,.pub} and B{,.pub}. Now
the following situation:

$ ssh-add -L
ssh-rsa A...
$ ssh -i B server
A

As you can see, when A is loaded in ssh-agent but B isn't, the
connection is made with key A even when B is specifically requested.

I looked around the source and found a few hints here and there
(readconf.c:add_identity_files(), sshconnect2.c:pubkey_prepare(), the
"userprovided" tag in the Options struct...), but overall it's unclear
to me what the semantics of "-i" is actually meant to be.

What I always expected from "-i" was that only the keys given with -i
are tried, or at least these keys are tried first, irrespective of
whether or not they are loaded into ssh-agent.

I tried this with the versions from current Debian jessie, and also
compiled the developer version 8ef691 from 2015-03-11 and got the same
behaviour.

Many regards,
Jens Stimpfle
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
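
Added example (not part of the original post and not OpenSSH code): a small shell model of the offer order that would produce the result reported above, and of how the documented IdentitiesOnly option changes it. The three-step ordering, the function name offer_order and the sample key blobs are assumptions made for illustration.

```shell
#!/bin/sh
# Simplified model (an assumption, not OpenSSH source) of the order in which
# the ssh client offers public keys to the server:
#   1. agent keys that are also named with -i / IdentityFile
#   2. all other agent keys (dropped when IdentitiesOnly=yes)
#   3. identity files whose key is not held by the agent
# Keys are compared by their base64 blob (field 2 of a public key line).

# offer_order AGENT_LIST IDENTITY_PUB [yes|no]
#   AGENT_LIST    output of `ssh-add -L`
#   IDENTITY_PUB  contents of the .pub file(s) for the key(s) passed with -i
#   third arg     "yes" models IdentitiesOnly=yes (default "no")
offer_order() {
    only="${3:-no}"
    { printf '%s\n' "$2"; echo '--agent--'; printf '%s\n' "$1"; } |
    awk -v only="$only" '
        $0 == "--agent--"        { in_agent = 1; next }
        # Skips blank lines and "The agent has no identities."
        $1 !~ /^(ssh|ecdsa|sk)-/ { next }
        !in_agent                { want[$2] = 1; files[++n] = $2; next }
        $2 in want               { first = first "agent+file " $2 "\n"
                                   seen[$2] = 1; next }
        only != "yes"            { rest = rest "agent-only " $2 "\n" }
        END {
            printf "%s%s", first, rest
            for (i = 1; i <= n; i++)
                if (!(files[i] in seen)) print "file-only " files[i]
        }'
}

# Constructed sample values standing in for `ssh-add -L` and B.pub.
AGENT_KEYS='ssh-rsa AAAAkeyA a@client'
B_PUB='ssh-rsa AAAAkeyB b@client'

echo "default:"
offer_order "$AGENT_KEYS" "$B_PUB"
echo "IdentitiesOnly=yes:"
offer_order "$AGENT_KEYS" "$B_PUB" yes

# Against a real setup:
#   offer_order "$(ssh-add -L)" "$(cat B.pub)"
# and to restrict the client to the key named with -i:
#   ssh -o IdentitiesOnly=yes -i B server
```

The server runs the forced command of whichever offered key it accepts first, so an "agent-only" line printed ahead of the -i key means that key's command= entry in authorized_keys is the one that takes effect.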