Ordering of key offers with "ssh -i"
Darren Tucker
dtucker at zip.com.au
Sun Jul 26 09:41:49 EST 2009
Tim Jackson wrote:
> Hi
>
> Is it expected behaviour that when using "ssh -i", the key specified in
> the "-i" option is only sent to the server *after* trying all other keys
> in ~/.ssh ? I couldn't find anything about this in the manual, and it
> seems like surprising behaviour to me. It can be the cause of unexpected
> failures in some cases, if a server has MaxAuthTries set to a value
> which is less than the number of keys that the client has available.
What you're looking for is, from ssh_config(5):
IdentitiesOnly
Specifies that ssh(1) should only use the authentication identity
files configured in the ssh_config files, even if ssh-agent(1)
offers more identities. The argument to this keyword must be
``yes'' or ``no''. This option is intended for situations where
ssh-agent offers many different identities. The default is
``no''.
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
More information about the openssh-unix-dev
mailing list