Page MenuHome GnuPG

The ssh keys are no longer returned in the order from control file after T5996
Closed, ResolvedPublic


The T5996 introduced semantic changes how the ssh keys are returned. Previously, the order was determined by the order of keys in the control file, now they are sorted by keygrip fingerprint (as the control file is only consulted after the key is read from file?). This is a regression as the SSH relies on the order of the keys returned and tries them in this order, unless overridden with IdentitiesOnly and IdentityFile options.


External Link
master, 2.3.6

Event Timeline

werner triaged this task as Normal priority.Sep 19 2022, 8:19 PM
werner edited projects, added Feature Request, ssh; removed Bug Report.
werner added a subscriber: werner.

We want to get rid of sshcontrol but we could keep it as an optional configuration to sort keys. I won't say it is a bug, though.

Let's first collect all keys, assign a priority, sort, and only then send them back to ssh.

See the the commit for a description of the changes.

werner changed the task status from Open to Testing.Feb 1 2023, 9:36 AM
werner moved this task from QA to WiP on the gnupg24 board.
werner moved this task from WiP to QA on the gnupg24 board.
ebo claimed this task.