This repository has been archived by the owner on Jun 15, 2023. It is now read-only.
Add ssh option to explicitly used named key #107
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The ssh command will attempt to connect to the instance by offering each of the ssh keys registered with the ssh agent on the user's system and then offering the key provided explicitly on the command-line from the '-i' option. Arguably this order seems wrong, but that is the behavior of openssh. For users that have a number of keys registered with their agent the host may reject the connection attempt due to too many failed keys (default for this is 5) without ever trying the key specified on the command-line. This patch adds the `IdentitiesOnly` ssh option which has ssh ignore the keys registered with the agent and only attempt a connection using the key specified by the '-i' option. This ensures that the correct key is used, and only that key. It provides a smoother, more consistent experience and helps with the support experience as failures with this command-line eliminate some additional debugging of the key exchange.
|
This same change has been proposed for ec2instanceconnectcli @ aws/aws-ec2-instance-connect-cli#10 |
|
Thanks for the contribution! |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The ssh command will attempt to connect to the instance by offering each of the ssh keys registered with the ssh agent on the user's system and then offering the key provided explicitly on the command-line from the '-i' option. Arguably this order seems wrong, but that is the behavior of openssh. For users that have a number of keys registered with their agent the host may reject the connection attempt due to too many failed keys (default for this is 5) without ever trying the key specified on the command-line.
This patch adds the
IdentitiesOnlyssh option which has ssh ignore the keys registered with the agent and only attempt a connection using the key specified by the '-i' option. This ensures that the correct key is used, and only that key. It provides a smoother, more consistent experience and helps with the support experience as failures with this command-line eliminate some additional debugging of the key exchange.Issue #, if available:
Description of changes:
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.