[SSHD-1218] Pubkey auth: keys from ssh-agent are used even if HostConfigEntry.isIdentitiesOnly() is true - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 2.7.0
Fix Version/s: 2.8.0
Labels:
None

Description

UserAuthPublicKeyIterator unconditionally includes keys from the SSH agent if there is an SshAgentFactory. This should be done only if !HostConfigEntry.isIdentitiesOnly().

Also, there is a completely superfluous requirement that the SshAgentFactory return a non-null SshAgent in that iterator. UserAuthPublicKeyIterator.initializeAgentIdentities() could just return null in that case.

Furthermore it would be useful if the session was passed through to SshAgentFactory.createAgent().

Finally, the ordering of keys from different sources seems to be strange. Agent keys always come first, then the session keys. The session keys are the ones set explicitly, plus then the default keys. So the order is <agent, explicit, default>. I think this should be <explicit, agent, default>.

Attachments

Activity

People

Assignee:: Thomas Wolf

Reporter:: Thomas Wolf

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 23/Oct/21 16:14

Updated:: 23/Oct/21 23:10

Resolved:: 23/Oct/21 23:10