Choose identity from ssh-agent by file name

Posted by leoluk on Server Fault See other posts from Server Fault or by leoluk
Published on 2012-06-24T10:06:55Z Indexed on 2012/06/24 15:17 UTC
Read the original article Hit count: 369

Filed under:
|
|

Problem: I have some 20-30 ssh-agent identities. Most servers refuse authentication with Too many failed authentications, as SSH usually won't let me try 20 different keys to log in.

At the moment, I am specifying the identity file for every host manually, using the IdentityFile and the IdentitiesOnly directive, so that SSH will only try one key file, which works.

Unfortunately, this stops working as soon as the original keys aren't available anymore. ssh-add -l shows me the correct paths for every key file, and they match with the paths in .ssh/config, but it doesn't work. Apparently, SSH selects the indentity by public key signature and not by file name, which means that the original files have to be available so that SSH can extract the public key.

There are two problems with this:

  • it stops working as soon as I unplug the flash drive holding the keys
  • it renders agent forwarding useless as the key files aren't available on the remote host

Of course, I could extract the public keys from my identity files and store them on my computer, and on every remote computer I usually log into. This doesn't looks like a desirable solution, though.

What I need is a possibility to select an identity from ssh-agent by file name, so that I can easily select the right key using .ssh/config or by passing -i /path/to/original/key, even on a remote host I SSH'd into. It would be even better if I could "nickname" the keys so that I don't even have to specify the full path.

© Server Fault or respective owner

Related posts about ssh

Related posts about ssh-keys

  • Is it reasonable to have multiple SSH keys?

    as seen on Super User - Search for 'Super User'
    So far I've created a separate SSH key for each server I need to login to (for each purpose, to be more accurate). I did it out of a sense of security, just like different passwords to different sites. Does having multiple SSH keys actually improve security? All of them are used from the same machine… >>> More

  • Ubuntu Github ssh keys issue

    as seen on Stack Overflow - Search for 'Stack Overflow'
    I followed every step given in this guide: http://help.github.com/linux-key-setup/ When I get to the end I am able to ssh to [email protected], getting the response: PTY allocation request failed on channel 0 Hi AlexBaranosky! You've successfully authenticated, but GitHub does not provide shell… >>> More

  • Problem with shared ssh keys

    as seen on Super User - Search for 'Super User'
    Following the process I've used in other environments (http://www.trilug.org/pipermail/trilug/Week-of-Mon-20080602/054712.html), I've tried setting-up shared keys between my Mac and my CentOS 4 webserver. I've seen the same problem with my older Ubuntu 7.10 workstation trying to connect via keys to… >>> More

  • Invalidating unused ssh keys

    as seen on Server Fault - Search for 'Server Fault'
    I am using one ssh account for all my Subversion users. They send me their public keys and I put them in .ssh/authorized_key of the svn account, then they can check out the code from Subversion using ssh tunnel. So far everything works fine. The problem though is that I want to invalidate keys that… >>> More

  • SSH keys fail for one user

    as seen on Server Fault - Search for 'Server Fault'
    I just set up a new Debian server. I disabled root SSH and password auth, so you've gotta use a key file. For my primary user, everything works exactly as expected. I used ssh-keygen -t dsa and got myself a public and private key. Put one in authorized keys, put the other in a pem file locally. I… >>> More