ssh does not honor -i switch with config file
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
openssh (Ubuntu) |
Confirmed
|
Low
|
Unassigned |
Bug Description
(I'm using Ubuntu 10.10 amd64)
(batrick@
ssh:
Installed: 1:5.5p1-4ubuntu4
Candidate: 1:5.5p1-4ubuntu4)
If the ~/.ssh/config file contains an IdentityFile, then ssh will ignore the one given on the command line switch (but still open and read it following strace). For example:
batrick@
CheckHostIP yes
Compression no
ConnectionAttempts 1
ConnectTimeout 5
HashKnownHosts yes
HostKeyAlgorithms ssh-rsa
IdentityFile ~/.ssh/id_rsa
UserKnownHostsFile ~/.ssh/known_hosts
PreferredAuthen
Using this command:
batrick@
The .ssh/id_
Here is the debug output for the above command with -v for verbose output:
batrick@
OpenSSH_5.5p1 Debian-4ubuntu4, OpenSSL 0.9.8o 01 Jun 2010
debug1: Reading configuration data /home/batrick/
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to svn.batbytes.com [72.14.184.61] port 22.
debug1: fd 3 clearing O_NONBLOCK
debug1: Connection established.
debug1: identity file /home/batrick/
debug1: Checking blacklist file /usr/share/
debug1: Checking blacklist file /etc/ssh/
debug1: identity file /home/batrick/
debug1: identity file /home/batrick/
debug1: Checking blacklist file /usr/share/
debug1: Checking blacklist file /etc/ssh/
debug1: identity file /home/batrick/
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.1p1 Debian-5
debug1: match: OpenSSH_5.1p1 Debian-5 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_
debug1: expecting SSH2_MSG_
debug1: SSH2_MSG_
debug1: expecting SSH2_MSG_
debug1: Host 'svn.batbytes.com' is known and matches the RSA host key.
debug1: Found key in /home/batrick/
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_
debug1: SSH2_MSG_
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/batrick/
debug1: Server accepts key: pkalg ssh-rsa blen 533
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug1: Requesting <email address hidden>
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
debug1: Sending command: svnserve -t
( success ( 2 2 ( ) ( edit-pipeline svndiff1 absent-entries commit-revprops depth log-revprops partial-replay ) ) ) ^Cdebug1: channel 0: free: client-session, nchannels 1
debug1: Killed by signal 2.
You can see when the actual negotiation takes place it sends the public key for /home/batrick/
For completeness, I'll show that commenting out that config file line solves the problem:
batrick@
CheckHostIP yes
Compression no
ConnectionAttempts 1
ConnectTimeout 5
HashKnownHosts yes
HostKeyAlgorithms ssh-rsa
#IdentityFile ~/.ssh/id_rsa
UserKnownHostsFile ~/.ssh/known_hosts
PreferredAuthen
batrick@
OpenSSH_5.5p1 Debian-4ubuntu4, OpenSSL 0.9.8o 01 Jun 2010
debug1: Reading configuration data /home/batrick/
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to svn.batbytes.com [72.14.184.61] port 22.
debug1: fd 3 clearing O_NONBLOCK
debug1: Connection established.
debug1: identity file /home/batrick/
debug1: Checking blacklist file /usr/share/
debug1: Checking blacklist file /etc/ssh/
debug1: identity file /home/batrick/
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.1p1 Debian-5
debug1: match: OpenSSH_5.1p1 Debian-5 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_
debug1: expecting SSH2_MSG_
debug1: SSH2_MSG_
debug1: expecting SSH2_MSG_
debug1: Host 'svn.batbytes.com' is known and matches the RSA host key.
debug1: Found key in /home/batrick/
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_
debug1: SSH2_MSG_
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/batrick/
debug1: Remote: Forced command: svnserve --tunnel --tunnel-user batrick --root /home/batrick/
debug1: Remote: Agent forwarding disabled.
debug1: Remote: Port forwarding disabled.
debug1: Remote: Pty allocation disabled.
debug1: Remote: User rc file execution disabled.
debug1: Remote: X11 forwarding disabled.
debug1: Server accepts key: pkalg ssh-rsa blen 533
debug1: Remote: Forced command: svnserve --tunnel --tunnel-user batrick --root /home/batrick/
debug1: Remote: Agent forwarding disabled.
debug1: Remote: Port forwarding disabled.
debug1: Remote: Pty allocation disabled.
debug1: Remote: User rc file execution disabled.
debug1: Remote: X11 forwarding disabled.
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug1: Requesting <email address hidden>
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
debug1: Sending command: svnserve -t
( success ( 2 2 ( ) ( edit-pipeline svndiff1 absent-entries commit-revprops depth log-revprops partial-replay ) ) ) ^Cdebug1: channel 0: free: client-session, nchannels 1
debug1: Killed by signal 2.
Thank you for taking the time to report this bug and helping to make Ubuntu better.
Did you run into the same problem with previous version of Ubuntu (for example 10.04)?