Too many public keys

Aris Adamantiadis aris at
Fri Apr 5 19:56:20 EST 2013

If you have too many public keys, you can use a config file to
specifically set an identity file to use with an host. I don't see what
problems you try to resolve, when in the opposite this limitation of
public key numbers tries per connection has actually been useful during
the Debian Openssl fiasco.
While I agree that there's no point counting failed gssapi attempts as
these cannot really be bruteforced.


Le 3/04/13 19:22, Andy Lutomirski a écrit :

> I wonder if (with a protocol extension) something even better could be
> done: take all locally available private keys, construct a small Bloom
> filter and send it to the server, and have the server decide whether
> any of the keys it accepts match.  (This would be efficient for shell
> accounts but would be worse than useless for things like gitolite.)
> --Andy

More information about the openssh-unix-dev mailing list