Re: Too many authentication failures



On 2008-01-27, phil-news-nospam@xxxxxxxx <phil-news-nospam@xxxxxxxx> wrote:
> On Sun, 27 Jan 2008 16:40:16 +1100 Darren Tucker <dtucker@xxxxxxxxxxxxxxxx> wrote:
> [...]
> | Perhaps it would have been better named "SpecifiedIdentitiesOnly",
> | but I guess it's a victim of a verbosity/descriptiveness tradeoff.
>
> Or "UseAgentKeys no" ?

That would be misleading, it will use keys from the agent, but only the
ones specified by IdentityFile (ie you can load a bunch of keys into
the agent and pick which one to use per-host).

> |> And from what I read in (man ssh_config) it
> |> would use only identities as configured. Based on that, there would be
> |> no reason to try it, any more than any other randomly chosen option.
> |
> | Other than it being suggested when you asked?
>
> It is a frequent experience that people don't understand what I asked.
> Sorry if that's not the case here. Over the history of Usenet, this does
> happen a whole lot. Maybe that's also a problem of the tradeoff of
> verbosity vs. not in Usenet posts. Did I explain myself well enough?
> Quite often I'm not in an easy position to "just try it". Right now I
> cannot until I go to work tomorrow.
>
> Now the question, is there a reason to believe it will work? From what
> you say, I still believe not. That is because I'm not even using an
> agent at all. All the keys are from the IdentityFile directives in the
> config file. How is IdentitiesOnly going to change that?

It won't. I didn't realise from your earlier messages that you were not
using the agent. In that case, PreferredAuthentications will also do
what you want.

Maybe there should be a way to clear the IdentityFile list (eg
"IdentityFile none").

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
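
An added illustration of the behaviour discussed in this thread (not code from either poster or from OpenSSH): a simplified Python model of how ssh_config options resolve for one host. It shows that IdentityFile entries under `Host *` accumulate for every host, that IdentitiesOnly only filters out agent keys, and that PreferredAuthentications without publickey stops keys being offered. The host names, key paths and agent key name are constructed, and the parser handles only the `Host` and keyword/value subset used here.

```python
import fnmatch

def host_matches(patterns, host):
    """A Host line matches if a positive pattern matches and no '!' pattern does."""
    matched = False
    for pat in patterns:
        if pat.startswith("!"):
            if fnmatch.fnmatchcase(host, pat[1:]):
                return False
        elif fnmatch.fnmatchcase(host, pat):
            matched = True
    return matched

def effective_options(config_text, host):
    """First value obtained wins for an option; IdentityFile accumulates."""
    opts, identity_files, active = {}, [], True
    for raw in config_text.splitlines():
        parts = raw.split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "host":
            active = host_matches(value.split(), host)
        elif active and key == "identityfile":
            identity_files.append(value)
        elif active:
            opts.setdefault(key, value)
    return opts, identity_files

def pubkey_offers(config_text, host, agent_keys=()):
    """Keys the client would offer for this host before any password prompt."""
    opts, files = effective_options(config_text, host)
    methods = opts.get("preferredauthentications")
    if methods is not None and "publickey" not in methods.split(","):
        return []                      # public-key authentication is never attempted
    if opts.get("identitiesonly", "no").lower() == "yes":
        return files                   # agent keys not named by IdentityFile are skipped
    return list(agent_keys) + [f for f in files if f not in agent_keys]

# Constructed sample config: seven keys listed globally, no agent required.
GLOBAL_KEYS = "".join(f"    IdentityFile ~/.ssh/id_{n}\n" for n in range(1, 8))
CONFIG = ("Host legacy.example.com\n    PreferredAuthentications password\n"
          "Host build.example.com\n    IdentitiesOnly yes\n"
          "Host *\n" + GLOBAL_KEYS)

if __name__ == "__main__":
    for h in ("other.example.com", "build.example.com", "legacy.example.com"):
        print(h, len(pubkey_offers(CONFIG, h, agent_keys=("agent-key",))))
```

With sshd's default MaxAuthTries of 6, the seven or eight rejected offers for the first two hosts are enough to end the connection, while the third host goes straight to password authentication.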