2 files changed, 10 insertions, 1 deletions

diff --git a/Assistant/Ssh.hs b/Assistant/Ssh.hs
index 10a4c7838..7a93a2fa9 100644
--- a/Assistant/Ssh.hs
+++ b/Assistant/Ssh.hs
@@ -172,6 +172,9 @@ genSshKeyPair = withTmpDir "git-annex-keygen" $ \dir -> do
  - ~/.ssh/ANYTHING.pub, and uses them indiscriminately. But using this key
  - for a normal login to the server will force git-annex-shell to run,
  - and locks the user out. Luckily, it does not recurse into subdirectories.
+ -
+ - Similarly, IdentitiesOnly is set in the ssh config to prevent the
+ - ssh-agent from forcing use of a different key.
  -}
 setupSshKeyPair :: SshKeyPair -> SshData -> IO SshData
 setupSshKeyPair sshkeypair sshdata = do
@@ -188,7 +191,9 @@ setupSshKeyPair sshkeypair sshdata = do
 		writeFile (sshdir </> sshpubkeyfile) (sshPubKey sshkeypair)
 
 	setSshConfig sshdata
-		[ ("IdentityFile", "~/.ssh/" ++ sshprivkeyfile) ]
+		[ ("IdentityFile", "~/.ssh/" ++ sshprivkeyfile)
+		, ("IdentitiesOnly", "yes")
+		]
   where
 	sshprivkeyfile = "git-annex" </> "key." ++ mangleSshHostName sshdata
 	sshpubkeyfile = sshprivkeyfile ++ ".pub"
diff --git a/debian/changelog b/debian/changelog
index ec8a748e6..d7752f51c 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -11,6 +11,10 @@ git-annex (4.20130724) UNRELEASED; urgency=low
     that caused git-annex sync on FAT or other crippled filesystems to add
     symlink standin files to the annex.
   * importfeed can be used to import files from podcast feeds.
+  * webapp: When setting up a dedicated ssh key to access the annex
+    on a host, set IdentitiesOnly to prevent the ssh-agent from forcing
+    use of a different ssh key. That could result in unncessary password
+    prompts, or prevent git-annex-shell from being run on the remote host.
   * Add status message to XMPP presence tag, to identify to others that
     the client is a git-annex client. Closes: #717652
   * webapp: When creating a repository on a removable drive, set