Bug 410 - when -i or IdentityFile is specified, agent keys are still tried first
Summary: when -i or IdentityFile is specified, agent keys are still tried first
Status: CLOSED WONTFIX
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: ssh-agent (show other bugs)
Version: -current
Hardware: All All
: P2 minor
Assignee: OpenSSH Bugzilla mailing list
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2002-10-04 06:35 AEST by Allan Stokes
Modified: 2004-04-14 12:24 AEST (History)
0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Allan Stokes 2002-10-04 06:35:45 AEST 
I noticed this because I have five keys in my ssh-add -l list and I often 
experience the behaviour when connecting to systems where I use password auth 
that if I don't get the password right on the first shot, it tells me "too many 
auth failures" and I don't get a second chance.  

So I was looking at the -v output and wondering why all my ssh-agent identities 
are tried _before_ the identity explicitly configured in the .ssh/config file 
or supplied on the command line with -i.  

It would be nice to have an option to suppress the ssh-agent auth attempts when 
I know they aren't applicable.
Comment 1 Markus Friedl 2002-10-04 17:34:22 AEST 
it's not documented that -i or IdentityFile overwrite
the agent and it's to late to even consider this change.

if you don't want to use the agent, unset SSH_AUTH_SOCK
Comment 2 Markus Friedl 2002-10-04 19:15:35 AEST 
we cannot change this.
Comment 3 Damien Miller 2004-04-14 12:24:18 AEST 
Mass change of RESOLVED bugs to CLOSED