On 1/28/21 3:20 PM, Tilo Eckert wrote:
This workaround does not work either:
    IdentityFile /path/to/id
    Host somehost
        IdentityFile /path/to/other_id
The host-specific IdentityFile is ignored as well if a global one is
present. The seen flags should probably be reset when encountering a
"Host" or "Match" keyword (in addition to the suggestion below).
Hi,
thank you for the report. This is indeed an oversight, and IdentityFile
should be accepted multiple times, as in OpenSSH and as with a few
other configuration options.
You can always use a workaround such as this:
    Host somehost
        IdentityFile /path/to/other_id
    Match all
        IdentityFile /path/to/id
Regards,
Jakub
Regards
Tilo
On 28.01.21 at 14:32, Tilo Eckert wrote:
Hi,
~/.ssh/config can contain multiple lines with the "IdentityFile"
keyword to add multiple keys to try in public key authentication.
The libssh config parser ignores all but the first IdentityFile line,
resulting in failed authentication if the key that is accepted by the
server is not the first.
The issue seems to be the "seen" array in ssh_config_parse_line()
which already has Host, Match and Include as exceptions. Probably just
need to add IdentityFile.
Regards
Tilo
--
Jakub Jelen
Senior Software Engineer
Crypto Team, Security Engineering
Red Hat, Inc.
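
The first-occurrence-wins behaviour discussed in this thread, as an added example that is not libssh code and not part of the original messages: a toy parser with a per-option "seen" array, run with and without an exemption for IdentityFile. The option table, the `parse` function, the `User` lines and the rule that only lines in an active block set a seen flag are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

enum { OP_HOST, OP_MATCH, OP_IDENTITY, OP_USER, OP_MAX };
static const char *KEYWORDS[OP_MAX] = { "Host", "Match", "IdentityFile", "User" };

/* Constructed sample: the layout from the thread plus a User line per block. */
static const char *SAMPLE[] = {
    "IdentityFile /path/to/id",
    "User alice",
    "Host somehost",
    "IdentityFile /path/to/other_id",
    "User bob",
};
enum { SAMPLE_LEN = sizeof(SAMPLE) / sizeof(SAMPLE[0]) };

struct result { int n_ids; char ids[4][64]; char user[64]; };

/* Toy model, not libssh code. identity_repeatable = 0 reproduces the report
 * (every option is first-wins); 1 exempts IdentityFile from the seen check.
 * Assumption: only lines inside an active block touch the seen flags. */
struct result parse(const char **lines, int n, const char *host, int identity_repeatable)
{
    struct result r = {0};
    int seen[OP_MAX] = {0}, active = 1;
    for (int i = 0; i < n; i++) {
        char kw[32], arg[64];
        int op = -1;
        if (sscanf(lines[i], "%31s %63s", kw, arg) != 2) continue;
        for (int k = 0; k < OP_MAX; k++)
            if (strcasecmp(kw, KEYWORDS[k]) == 0) op = k;
        if (op == OP_HOST)  { active = strcmp(arg, host) == 0; continue; }
        if (op == OP_MATCH) { active = strcasecmp(arg, "all") == 0; continue; }
        if (op < 0 || !active) continue;
        if (seen[op] && !(op == OP_IDENTITY && identity_repeatable))
            continue;                       /* later occurrence dropped */
        seen[op] = 1;
        if (op == OP_IDENTITY && r.n_ids < 4) strcpy(r.ids[r.n_ids++], arg);
        if (op == OP_USER) strcpy(r.user, arg);
    }
    return r;
}

int main(void)
{
    struct result r = parse(SAMPLE, SAMPLE_LEN, "somehost", 1);
    for (int i = 0; i < r.n_ids; i++) printf("identity: %s\n", r.ids[i]);
    printf("user: %s\n", r.user);
    return 0;
}
```

With the exemption off, the host-specific key is dropped because the global line already set the flag; with it on, both keys are collected while `User` still keeps its first value.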