Managing multiple ssh keys
Posted
by
Mathijs Kwik
on Super User
See other posts from Super User
or by Mathijs Kwik
Published on 2012-12-07T10:49:41Z
Indexed on
2012/12/07
11:08 UTC
Read the original article
Hit count: 171
ssh
I have a lot of ssh keys, they are all passphrase protected and managed by ssh-agent. As a result of this, I am now getting "Too many authentication failures" on some connections.
As has been explained on this site before, this is because ssh will try all keys the agent throws at it.
The proposed solution is to use IdentitiesOnly in the config, together with an IdentityFile. While this indeed stops offering wrong keys, it seems it completely disables the agent in full, so now I have to type the passphrase on every connection.
I could not find clear info about this. Does IdentitiesOnly just disable getting keys from ssh-agent in full? Or should it just block out the keys that aren't mentioned?
Thanks, Mathijs
# here's my config
~% cat .ssh/config
Host bluemote
HostName some.host.com
IdentitiesOnly yes
IdentityFile /home/mathijs/.ssh/keys/bluebook_ecdsa
# I had the key loaded into the agent, shown here
~% ssh-add -L
ecdsa-sha2-nistp521 SOME_LONG_BASE64_NUMBER== /home/mathijs/.ssh/keys/bluebook_ecdsa
# but it doesn't seem to get used
~% ssh bluemote
Enter passphrase for key '/home/mathijs/.ssh/keys/bluebook_ecdsa':
© Super User or respective owner