Paul L. Snyder on 27 May 2004 20:41:02 -0000

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] ssh_config

Quoting Jeff Abrahamson <>:

> I attempt to connect to a host and am told too many attempts.  Running
> ssh -v confirms that ssh is trying the correct key only after trying
> many keys it should not have tried.
> The question is why ssh isn't first using the keys I've requested it
> use.

A close reading of the manpage for ssh_config(5), under IdentityFile, reveals
that it "[s]pecifies a file from which the user's RSA or DSA authentication
identity is read...Additionally, any identities represented by the
authentication agent will be used for authentication."

And also check IdentitiesOnly, which "[s]pecifies that ssh should only use the
authentication identity files configured in the ssh_config files, even if the
ssh-agent offers more identities...This option is intented [sic] for situations
where ssh-agent offers many different identities."

It looks like ssh-agent is pretty indiscriminate about the identities that it
offers.  I'd try playing around with IdentitiesOnly for your * Host
section.  (Though I can't tell from reading the manpage if this will make you
reenter your passphrase, which would be undesirable.)

> Note that I begin by starting a new ssh-agent and add keys to it.
> (ssh-mult is just an alias to ssh-add key1 key2 ....)

As an alternate path, since you've probably only added one key (RSA or DSA) to
the authorized_keys on each host, you might try adding only the key you are
using to ssh-agent.

> This is very frustrating, I thought I'd gotten this all working.

It looks like ssh-agent needs a "hints" file,  or should take a clue from


Philadelphia Linux Users Group         --
Announcements -
General Discussion  --