For various reasons [0] one might not want to give ssh(1) access to the private key material, and force the use of the agent instead. However, while it's currently possible to ignore the identities offered by the agent, AFIK it's not possible to ignore identity files. A way around is to specify a file that does not exist (e.g., ‘IdentityFile none’), but such behavior is not specified in ssh_config(5), and is also error-prone. I suggest to make ‘none’ a special argument for ‘IdentityFile’, and make it empty the list of identity files; if ‘~/.ssh/none’ is actualy a genuine identity file, it would be still be possible to specify it using its absolute path. [0] https://www.debian-administration.org/users/dkg/weblog/64
IdentityFile=none has already supported this since OpenSSH-6.2
Good to know, but that behavior is not documented AFAICT: https://man.openbsd.org/ssh_config.5
closing resolved bugs as of 8.6p1 release