[Bug 195554] New: ssh tries an explicit key _after_ key agent keys
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Mon Dec 1 12:47:30 UTC 2014
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=195554
Bug ID: 195554
Summary: ssh tries an explicit key _after_ key agent keys
Product: Base System
Version: 11.0-CURRENT
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: bin
Assignee: freebsd-bugs at FreeBSD.org
Reporter: avg at FreeBSD.org
I wonder if the way ssh behaves is sane in the following situation.
I have ssh-agent running and there is a number of keys added to it.
Then I run ssh -i foo bar and what I see is that ssh first tries the keys from
the agent rather than foo.
But in this case I get "Too many authentication failures" before the explicit
key is even tried.
if I unset SSH_AGENT_PID and SSH_AUTH_SOCK then everything is okay, obviously.
Redacted output of ssh -vv:
debug2: key: /home/avg/.ssh/id_dsa (0x8038163c0),
debug2: key: /home/avg/.ssh/id_dsa_xxx (0x803816440),
debug2: key: /home/avg/.ssh/id_dsa_yyy (0x8038164c0),
debug2: key: /home/avg/.ssh/zzz (0x803816540),
debug2: key: /home/avg/.ssh/vvv (0x8038165c0),
debug2: key: /home/avg/.ssh/www (0x803816640),
debug2: key: /usr/local/lib/ruby/gems/2.0/gems/vagrant-1.6.5/keys/vagrant
(0x803816100), explicit
debug1: Authentications that can continue:
publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: publickey
debug1: Offering DSA public key: /home/avg/.ssh/id_dsa
...
debug1: Offering RSA public key: /home/avg/.ssh/www
debug2: we sent a publickey packet, wait for reply
Received disconnect from x.x.x.x: 2: Too many authentication failures for avg
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-bugs
mailing list