NetBSD-Bugs archive


Re: bin/58369: sshd blocklistd integration spuriously blocks legitimate users with multiple public keys



The following reply was made to PR bin/58369; it has been noted by GNATS.

From: Tobias Nygren <tnn%NetBSD.org@localhost>
To: gnats-bugs%NetBSD.org@localhost
Cc: 
Subject: Re: bin/58369: sshd blocklistd integration spuriously blocks
 legitimate users with multiple public keys
Date: Sun, 11 Aug 2024 15:58:33 +0200

 On Sun, 11 Aug 2024 13:34:20 +0000
 Taylor R Campbell <riastradh%NetBSD.org@localhost> wrote:
 
 > For posterity, until this is deployed everywhere, the workaround for
 > users with multiple public keys is to put a stanza like the following
 > in ~/.ssh/config, so that ssh(1) will try exactly one public key for
 > the host in question:
 > 
 > Host cvs.example.com
 >     IdentityFile ~/.ssh/identities/id_ed25519
 
 Worth noting that this can also be applied with an agent and a key on a
 hardware token, but you have to use the public key instead and specify
 IdentitiesOnly to make it do the right thing.
 (This is not really documented in the manual, but it works.)
 
 Host cvs.netbsd.org
 	IdentitiesOnly yes
 	IdentityFile ~/.ssh/id_ed25519.pub
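
To confirm that a stanza like the ones above really limits ssh(1) to a single key, the effective configuration printed by `ssh -G` can be inspected. The following is an added example, not part of the original thread; the function names and the sample `ssh -G` output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Reads `ssh -G <host>` output on stdin
# and succeeds only if ssh is restricted to exactly one configured key.
# It counts IdentityFile entries as listed; it does not check which exist on disk.
offers_single_key() {
    awk '
        $1 == "identitiesonly" { only = ($2 == "yes") }
        $1 == "identityfile"   { n++; file = $0; sub(/^identityfile /, "", file) }
        END {
            if (!only) { print "IdentitiesOnly is off: agent keys may be offered too"; exit 1 }
            if (n != 1) { printf "%d identity files configured\n", n; exit 1 }
            print "pinned to " file
        }'
}

# Hypothetical wrapper for real use; needs an OpenSSH client that supports -G.
check_host() { ssh -G "$1" | offers_single_key; }

# Constructed sample of `ssh -G` output with the hardware-token stanza in place.
PINNED='hostname cvs.netbsd.org
identitiesonly yes
identityfile ~/.ssh/id_ed25519.pub'

# Constructed sample: no stanza, several identity files, agent not excluded.
DEFAULTS='hostname cvs.netbsd.org
identitiesonly no
identityfile ~/.ssh/id_rsa
identityfile ~/.ssh/id_ed25519'

printf '%s\n' "$PINNED"   | offers_single_key
printf '%s\n' "$DEFAULTS" | offers_single_key || true
```

Run `check_host cvs.netbsd.org` after editing ~/.ssh/config; a non-zero exit status means more than one key may still be offered to the server.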
 


