Does IdentitiesOnly just disable getting keys from ssh-agent in full? Or should it just block out the keys that aren't mentioned?
e
it seems it completely disables the agent in full
Esse é o comportamento pretendido, conforme descrito na manpage ssh_config(5)
:
IdentitiesOnly
Specifies that ssh(1) should only use the authentication identity
files configured in the ssh_config files, even if ssh-agent(1)
offers more identities. The argument to this keyword must be
“yes” or “no”. This option is intended for situations where ssh-
agent offers many different identities. The default is “no”.
IdentityFile
Specifies a file from which the user's DSA, ECDSA or DSA authen‐
tication identity is read. The default is ~/.ssh/identity for
protocol version 1, and ~/.ssh/id_dsa, ~/.ssh/id_ecdsa and
~/.ssh/id_rsa for protocol version 2. Additionally, any identi‐
ties represented by the authentication agent will be used for
authentication. ssh(1) will try to load certificate information
from the filename obtained by appending -cert.pub to the path of
a specified IdentityFile.
Existe uma tarefa: ssh-add
. Embora um agente de chave SSH regular pareça estar desativado usando IdentitiesOnly
, os que eu adiciono usando ssh-add
são usados de qualquer maneira.