
Which they've done from the sound of it, and are concerned about the ability to read those other public keys and use them as a tracking vector.


As another commenter already pointed out, the IdentitiesOnly config option removes that ability. The ssh-config man page explains this.


Out of curiosity, are there reasons that that behavior shouldn't be the default?


I can think of three reasons:

1. It would stop SSH agent forwarding from working if the remote has it enabled.

2. It would stop alternative SSH agent implementations from working.

3. It would only make sense if you actually have multiple identities.


I'm not sure it makes much sense unless you also override the default IdentifyFile.


Argh, IdentityFile.

I make the same damn mistake in my actual config file, too.
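An added example, not part of any comment in this thread: a small auditor that resolves `IdentitiesOnly` and `IdentityFile` for a host from ssh_config text and reports whether the client would still offer agent-held keys to that server. The sample config, host names, key paths and result labels are constructed for illustration; `Match` blocks and `Include` are not evaluated.

```python
import re
import shlex

# Constructed sample ssh_config; host names and key paths are placeholders.
SAMPLE = """\
Host git.example.com
    IdentitiesOnly yes
    IdentityFile ~/.ssh/id_ed25519_git

Host *.internal.example !bastion.internal.example
    IdentitiesOnly=yes

Host *
    ForwardAgent no
"""

LINE = re.compile(r"(\S+?)(?:\s*=\s*|\s+)(.*)")  # "Key value" or "Key=value"

def host_matches(patterns, host):
    """Host line semantics: a matching negated pattern vetoes the block."""
    matched = False
    for pat in patterns:
        negated, pat = pat.startswith("!"), pat.lstrip("!")
        rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pat)
        if re.fullmatch(rx, host):
            if negated:
                return False
            matched = True
    return matched

def effective(config_text, host):
    """Return (identities_only, identity_files) for host."""
    applies, ids_only, files = True, None, []  # lines before any Host apply to all
    for raw in config_text.splitlines():
        m = LINE.fullmatch(raw.strip())
        if not m or raw.lstrip().startswith("#"):
            continue
        key, args = m.group(1).lower(), shlex.split(m.group(2))
        if not args:
            continue
        if key == "host":
            applies = host_matches(args, host)
        elif key == "match":
            applies = False  # Match blocks are skipped in this sketch
        elif applies and key == "identitiesonly" and ids_only is None:
            ids_only = args[0].lower() == "yes"  # first obtained value wins
        elif applies and key == "identityfile":
            files.append(args[0])  # IdentityFile accumulates across blocks
    return bool(ids_only), files

def audit(config_text, host):
    ids_only, files = effective(config_text, host)
    if not ids_only:
        return "agent-keys-offered"
    return "pinned" if files else "default-files-only"
```

`default-files-only` marks hosts where `IdentitiesOnly yes` is set but no `IdentityFile` is given, so the client falls back to the default identity files rather than a key chosen for that host.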



