Managing multiple ssh keys

Posted by Mathijs Kwik on Super User See other posts from Super User or by Mathijs Kwik
Published on 2012-12-07T10:49:41Z Indexed on 2012/12/07 11:08 UTC
Read the original article Hit count: 171

Filed under:

I have a lot of ssh keys, they are all passphrase protected and managed by ssh-agent. As a result of this, I am now getting "Too many authentication failures" on some connections.

As has been explained on this site before, this is because ssh will try all keys the agent throws at it.

The proposed solution is to use IdentitiesOnly in the config, together with an IdentityFile. While this indeed stops offering wrong keys, it seems it completely disables the agent in full, so now I have to type the passphrase on every connection.

I could not find clear info about this. Does IdentitiesOnly just disable getting keys from ssh-agent in full? Or should it just block out the keys that aren't mentioned?

Thanks, Mathijs

# here's my config
~% cat .ssh/config
Host bluemote
  HostName some.host.com
  IdentitiesOnly yes
  IdentityFile /home/mathijs/.ssh/keys/bluebook_ecdsa

# I had the key loaded into the agent, shown here
~% ssh-add -L
ecdsa-sha2-nistp521 SOME_LONG_BASE64_NUMBER== /home/mathijs/.ssh/keys/bluebook_ecdsa

# but it doesn't seem to get used
~% ssh bluemote
Enter passphrase for key '/home/mathijs/.ssh/keys/bluebook_ecdsa':

© Super User or respective owner

Related posts about ssh