I use private keys in a smartcard (OpenPGP in my case, via gpg-agent(1)'s SSH socket). If you pass IdentityFile=/path/to/public-key, it will use it when IdentitiesOnly=yes. In short, IdentitiesOnly=yes instructs ssh(1) to *only* use the IdentityFile given to it explicitly. When the private key is not on disk, you have to give it the *public* key instead to accomplish this. If it did in the past automatically fetch keys from an agent without you having to give one to an IdentityFile, that seems like a bug, and it being fixed probably explains the "regression" you're seeing.
_______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
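
The setup described in the message above, as an added example that is not part of the original post: a shell function that picks the one card-backed key out of `ssh-add -L` output, saves it as a public key file, and writes an ssh_config stanza that combines IdentityFile with IdentitiesOnly. The function name, host alias, paths and the `cardno:` match string are assumptions, and the key list is constructed.

```shell
#!/bin/sh
# Added example, not from the original message. pin_agent_key, the host
# alias and all paths are hypothetical names chosen for illustration.

# pin_agent_key KEYLIST PATTERN HOST OUTDIR
#   KEYLIST  file holding `ssh-add -L` output (one public key per line)
#   PATTERN  fixed string found only in the wanted key's line
#   HOST     Host alias for the generated ssh_config stanza
#   OUTDIR   existing directory that receives HOST.pub and HOST.conf
pin_agent_key() {
    keylist=$1; pattern=$2; host=$3; outdir=$4
    [ -r "$keylist" ] && [ -d "$outdir" ] || return 2
    # Refuse to pin unless exactly one agent key matches.
    matches=$(grep -cF -- "$pattern" "$keylist" || true)
    if [ "${matches:-0}" -ne 1 ]; then
        echo "want exactly 1 key matching '$pattern', got ${matches:-0}" >&2
        return 1
    fi
    # The .pub file only tells ssh(1) which agent key to ask for;
    # the private half never leaves the card.
    grep -F -- "$pattern" "$keylist" > "$outdir/$host.pub"
    cat > "$outdir/$host.conf" <<EOF
Host $host
    IdentityFile $outdir/$host.pub
    IdentitiesOnly yes
EOF
}

# Constructed sample standing in for `ssh-add -L` (key blobs are placeholders).
demo=$(mktemp -d)
cat > "$demo/agent-keys" <<'EOF'
ssh-ed25519 AAAAC3PLACEHOLDERCARDKEY cardno:CONSTRUCTED-0001
ssh-ed25519 AAAAC3PLACEHOLDEROTHERKEY user@laptop
EOF
pin_agent_key "$demo/agent-keys" "cardno:" bastion.example "$demo" \
    && cat "$demo/bastion.example.conf"
```

With a real agent, the key list comes from `ssh-add -L > agent-keys`, and `ssh -G <host>` shows the identityfile and identitiesonly values ssh(1) will actually use.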