apache / mina-sshd

Apache MINA sshd is a comprehensive Java library for client- and server-side SSH.

Home Page: https://mina.apache.org/sshd-project/

Consider IdentityFile from SSH Config with UserAuthPublicKey

kwin opened this issue · comments

Description

In order to support edge cases with SSH agents like those outlined in either

  1. https://keepassxc.org/docs/#faq-ssh-agent-openssh or
  2. https://developer.1password.com/docs/ssh/agent/advanced#match-key-with-host

it is important to evaluate the SSH config entry for IdentityFile settings first. In case it specifies a public key, this should be used preferably for the SSH Agent Userauth Request. It should be used as the first or as the only option (in case IdentitiesOnly is set to true) when trying to sign the request.

Motivation

Password managers nowadays often manage private keys. As SSH servers have limitations in terms of the number of SSH keys to try, or sometimes even only consider the first key (like https://learn.microsoft.com/en-us/azure/devops/repos/git/use-ssh-keys-to-authenticate?view=azure-devops#q-i-have-multiple-ssh-keys-how-do-i-use-the-correct-ssh-key-for-azure-devops), the public key given via IdentityFile should be used even together with SSH agents.

Alternatives considered

No response

Additional context

No response
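
The ordering requested in this issue, as an added Java example (not mina-sshd code and not part of the original issue): agent keys that match a public key named by IdentityFile are offered first, and are the only keys offered when IdentitiesOnly is set. The class and method names are hypothetical, and the key blobs are constructed placeholders, not real key material.

```java
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Base64;
import java.util.List;

public class AgentKeySelection {
    // An identity as an agent lists it: raw public key blob plus comment.
    record Identity(byte[] blob, String comment) {}

    // Parse one OpenSSH public key line: "<type> <base64 blob> [comment]".
    static Identity parsePublicKeyLine(String line) {
        String[] parts = line.trim().split("\\s+", 3);
        if (parts.length < 2) {
            throw new IllegalArgumentException("not an OpenSSH public key line");
        }
        return new Identity(Base64.getDecoder().decode(parts[1]),
                parts.length == 3 ? parts[2] : "");
    }

    // Agent keys matching an IdentityFile public key come first, in config order.
    // With IdentitiesOnly, every other agent key is dropped instead of appended.
    static List<Identity> select(List<Identity> agentKeys,
                                 List<Identity> identityFiles,
                                 boolean identitiesOnly) {
        List<Identity> result = new ArrayList<>();
        for (Identity wanted : identityFiles) {
            for (Identity key : agentKeys) {
                if (Arrays.equals(key.blob(), wanted.blob()) && !result.contains(key)) {
                    result.add(key);
                }
            }
        }
        if (!identitiesOnly) {
            for (Identity key : agentKeys) {
                if (!result.contains(key)) result.add(key);
            }
        }
        return result;
    }

    public static void main(String[] args) {
        // Constructed stand-ins for the identities an agent would list.
        List<Identity> agent = new ArrayList<>();
        for (String name : List.of("personal", "work", "azure-devops")) {
            agent.add(new Identity(("blob-" + name).getBytes(StandardCharsets.UTF_8), name));
        }
        // Constructed content of the .pub file that IdentityFile points to.
        String b64 = Base64.getEncoder().encodeToString("blob-azure-devops".getBytes(StandardCharsets.UTF_8));
        List<Identity> wanted = List.of(parsePublicKeyLine("ssh-ed25519 " + b64 + " azure-devops"));
        select(agent, wanted, false).forEach(k -> System.out.println("default: " + k.comment()));
        select(agent, wanted, true).forEach(k -> System.out.println("IdentitiesOnly: " + k.comment()));
    }
}
```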