From d1bba102c6fab1da24dbd8f79a9518f6779f1793 Mon Sep 17 00:00:00 2001
From: Julien Tesson <julien@radagast>
Date: Wed, 27 Aug 2025 12:39:39 +0200
Subject: [PATCH] Runner: ssh wrapper forces ssh to use ssh_id when it is
 provided

---
 CHANGES.md    | 6 ++++++
 lib/runner.ml | 5 ++++-
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/CHANGES.md b/CHANGES.md
index c8a20f3a..9aaffefe 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -45,6 +45,12 @@
 - `Cli.Options.job_count` is now an `int option` instead of an `int`.
   Same for `~worker_count`.
   The latter only affects custom schedulers.
+## development version
+
+- when using a runner with ssh, and an ssh_id is provided, we now force ssh to
+  use this id only for authentication. Previous behaviour was that it also
+  looked at user's identity files.
+
 
 ## Version 4.2.0
 
diff --git a/lib/runner.ml b/lib/runner.ml
index f0f4eaaa..ea5c47e7 100644
--- a/lib/runner.ml
+++ b/lib/runner.ml
@@ -134,7 +134,10 @@ let wrap_with_ssh runner shell =
     @ (match runner.ssh_port with
       | None -> []
       | Some port -> ["-p"; string_of_int port])
-    @ match runner.ssh_id with None -> [] | Some id -> ["-i"; id]
+    @
+    match runner.ssh_id with
+    | None -> []
+    | Some id -> ["-o"; "IdentitiesOnly=yes"; "-i"; id]
   in
   ("ssh", runner.options @ ssh_args @ [cmd])
 
-- 
GitLab