> I am running into a problem with a ssh-add
> functionality in nevada b115. I had a script that
> would do the following:
>
> ssh-add ${HOME}/.ssh/*.[rd]sa
>
> In previous versions of nevada, this would run fine,
> yet for b115, the order of files found via the
> ${HOME}/.ssh/*.[rd]sa is not kept. This presents
> problems when ssh connections are made to other
> servers since the keys I want presented first, are
> not getting presented first. This is confirmed when
> doing an "ssh-add -l".
>
> Is there a way to control the key order so that the
> keys I want to have tried first, are used. I thought
> that the order in which I added keys, would translate
> to the order in which those keys are presented to the
> remote server, yet it looks like this ordering is not
> kept.
>
> Upon multiple tries of the "ssh-add
> ${HOME}/.ssh/*.[rd]sa" the results seem to vary. I
> have to keep trying until I get the "ssh-add -l" to
> display the order I need.
>
> Any insight would be greatly appreciated.
Most shells expand wildcards in sorted order; the sort order may be
affected by the locale. For instance, in "C" locale, sorts are case-sensitive,
while in en_US.UTF-8, they are not. That also affects "ls", which confuses
some people switching from "C" locale to a UTF-8 locale.
I didn't see you mention what shell your script uses. If it is the shell that's
the problem, and not something you're doing differently at different times,
then the problem is likely to be either with that shell, or with a library it
uses.
I suppose, although I haven't checked, that if one lists files on the
ssh-add command line, it adds them in the order listed (keeping in mind that
it's the shell that expands wildcards). However, if ssh-add and/or ssh-agent
had been changed, they might be hashing multiple entries, such that they
were listed or tried in an order that did not depend on the order of the files
on the command line.
A simple test whether it was ssh-add/ssh-agent or the shell might be to
echo the same wildcard of files:
echo ${HOME}/.ssh/*.[rd]sa
ssh-add ${HOME}/.ssh/*.[rd]sa
so you could see if the shell was expanding them in the same order each time.
If it is (unless doing the expansion twice in a row changes things somehow,
which I would think would itself be a bug in the shell), but your results remain
inconsistent, perhaps it's ssh-agent ordering them differently as it stores
them.
It does bother me that you're depending on multiple keys being stored in a
particular order. I'm not aware of anything that guarantees that keys will
be tried in a particular order, so I'm not sure that it's a bug if they're not
stored in (or tried in) any particular order.
--
This message posted from opensolaris.org
