Bug 2362 - Please add a possibility to disable IdentityFiles
Summary: Please add a possibility to disable IdentityFiles
Status: CLOSED WORKSFORME
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: ssh
Version: 6.7p1
Hardware: amd64 Linux
Importance: P5 enhancement
Assignee: Assigned to nobody
Reported: 2015-03-07 03:53 AEDT by Guilhem
Modified: 2021-04-23 15:10 AEST
Description Guilhem 2015-03-07 03:53:41 AEDT
For various reasons [0] one might not want to give ssh(1) access to the private key material, and force the use of the agent instead.  However, while it's currently possible to ignore the identities offered by the agent, AFAIK it's not possible to ignore identity files.

A way around is to specify a file that does not exist (e.g., ‘IdentityFile none’), but such behavior is not specified in ssh_config(5), and is also error-prone.  I suggest making ‘none’ a special argument for ‘IdentityFile’, and making it empty the list of identity files; if ‘~/.ssh/none’ is actually a genuine identity file, it would still be possible to specify it using its absolute path.


[0] https://www.debian-administration.org/users/dkg/weblog/64
Comment 1 Damien Miller 2018-05-11 13:53:19 AEST
IdentityFile=none has already supported this since OpenSSH-6.2
Comment 2 Guilhem 2018-08-30 20:50:46 AEST
Good to know, but that behavior is not documented AFAICT: https://man.openbsd.org/ssh_config.5
Comment 3 Damien Miller 2021-04-23 15:10:59 AEST
closing resolved bugs as of 8.6p1 release