Bug 410

Summary: when -i or IdentityFile is specified, agent keys are still tried first
Product: Portable OpenSSH Reporter: Allan Stokes <bugzilla>
Component: ssh-agentAssignee: OpenSSH Bugzilla mailing list <openssh-bugs>
Status: CLOSED WONTFIX    
Severity: minor    
Priority: P2    
Version: -current   
Hardware: All   
OS: All   

Description Allan Stokes 2002-10-04 06:35:45 AEST 
I noticed this because I have five keys in my ssh-add -l list and I often 
experience the behaviour when connecting to systems where I use password auth 
that if I don't get the password right on the first shot, it tells me "too many 
auth failures" and I don't get a second chance.  

So I was looking at the -v output and wondering why all my ssh-agent identities 
are tried _before_ the identity explicitly configured in the .ssh/config file 
or supplied on the command line with -i.  

It would be nice to have an option to suppress the ssh-agent auth attempts when 
I know they aren't applicable.
Comment 1 Markus Friedl 2002-10-04 17:34:22 AEST 
it's not documented that -i or IdentityFile overwrite
the agent and it's to late to even consider this change.

if you don't want to use the agent, unset SSH_AUTH_SOCK
Comment 2 Markus Friedl 2002-10-04 19:15:35 AEST 
we cannot change this.
Comment 3 Damien Miller 2004-04-14 12:24:18 AEST 
Mass change of RESOLVED bugs to CLOSED