Why does SSH seem to remember my valid connection settings even though they're now invalid?

Question

I'm troubleshooting some stuff with an application I'm working on that uses SFTP. Along the way, I'm using the openSSH command line client to connect to a separate SFTP server, using a configuration file (~/.ssh/config). In between tests, I'm changing the configurations, and at times I try to deliberately test an invalid configuration.

Currently, I just changed my config file to remove the IdentityFile line. Without this, it shouldn't know what key file to use to try and make the connection, and as such, the connection should fail. However, every time I ssh to that hostname, the connection succeeds without even so much as a password prompt.

This is BAD. My server requires the use of the keyfile, I know this because my application cannot connect without one. Yet it's almost like SSH is remembering an old, valid configuration for the server even though my current configuration is invalid.

What can I do to fix this? I don't want SSH to be hanging onto old configurations like this.

Answer 1

If you don't specify IdentityFile, the ssh will use the keys in default location (~/.ssh/id_{rsa,dsa,ecdsa}), as described in the manual page for ssh:

IdentityFile

Specifies a file from which the user's DSA, ECDSA, Ed25519 or RSA authentication identity is read. The default is ~/.ssh/identity for protocol version 1, and ~/.ssh/id_dsa, ~/.ssh/id_ecdsa, ~/.ssh/id_ed25519 and ~/.ssh/id_rsa for protocol version 2. [...]