|
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
Quoting Jeff Abrahamson <jeff@purple.com>:
> I attempt to connect to a host and am told too many attempts. Running
> ssh -v confirms that ssh is trying the correct key only after trying
> many keys it should not have tried.
[...]
> The question is why ssh isn't first using the keys I've requested it
> use.
A close reading of the manpage for ssh_config(5), under IdentityFile, reveals
that it "[s]pecifies a file from which the user's RSA or DSA authentication
identity is read...Additionally, any identities represented by the
authentication agent will be used for authentication."
And also check IdentitiesOnly, which "[s]pecifies that ssh should only use the
authentication identity files configured in the ssh_config files, even if the
ssh-agent offers more identities...This option is intented [sic] for situations
where ssh-agent offers many different identities."
It looks like ssh-agent is pretty indiscriminate about the identities that it
offers. I'd try playing around with IdentitiesOnly for your *.sf.net Host
section. (Though I can't tell from reading the manpage if this will make you
reenter your passphrase, which would be undesirable.)
> Note that I begin by starting a new ssh-agent and add keys to it.
> (ssh-mult is just an alias to ssh-add key1 key2 ....)
As an alternate path, since you've probably only added one key (RSA or DSA) to
the authorized_keys on each host, you might try adding only the key you are
using to ssh-agent.
> This is very frustrating, I thought I'd gotten this all working.
It looks like ssh-agent needs a "hints" file, or should take a clue from
ssh_config.
Cheers,
pls
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
|
|