Bug#513235: gnome-keyring: selects wrong key when multiple ssh identities are used
Josselin Mouette
joss at debian.org
Tue Jan 27 16:21:12 UTC 2009
reassign 513235 openssh-client
retitle 513235 ssh tries the keys proposed by the agent before those passed with -i
thanks
Le mardi 27 janvier 2009 à 16:36 +0100, Bjørn Mork a écrit :
> >> I regularily log into a system which uses different ssh keys to select different
> >> configurations. This fails if gnome-keyring-daemon is running. It seems to use
> >> previously learned keys even if you specify "ssh -i <keyfile>", or use the
> >> IdentityFile keyword in ~/.ssh/config.
> >
> > It would be interesting to see whether this happens if you use ssh-agent
> > instead of gnome-keyring. If you add the first key to the agent, do you
> > see the same behavior with "ssh -i key2" ?
>
> Just running ssh-agent isn't a problem. But you're right that any key
> added to the agent seems to be used before other keys. If I add the key
> to ssh-agent, then it will be used first.
So indeed, ssh is trying the keys proposed by the agent before those
passed with the -i option. This looks like the root cause to me, since
command-line arguments should have priority over things proposed by an
external process.
Cheers,
--
.''`.
: :' : We are debian.org. Lower your prices, surrender your code.
`. `' We will add your hardware and software distinctiveness to
`- our own. Resistance is futile.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Ceci est une partie de message
=?ISO-8859-1?Q?num=E9riquement?= =?ISO-8859-1?Q?_sign=E9e?=
Url : http://lists.alioth.debian.org/pipermail/pkg-gnome-maintainers/attachments/20090127/28940c35/attachment.pgp
More information about the pkg-gnome-maintainers
mailing list