IdentityFile vs IdentitiesOnly

Harald Dunkel harald.dunkel at
Mon Apr 1 17:10:07 AEDT 2019

Hi folks,

I've got a moderate number of keys in my ssh config file.
Problem: Very often I get an error message like

Received disconnect from 2001:db8::8077 port 999:2: Too many authentication failures
Authentication failed.

AFAIU the ssh-agent is to blame here, trying out all keys
he has ever seen. This conflicts with MaxAuthTries 6, set by
default on the peer.

The solution seems to be to set IdentitiesOnly, e.g.:

	Host 2001:db8::8077
		IdentityFile ~/.ssh/id_ecdsa
		IdentitiesOnly yes
		Port 999

Shouldn't an explicit IdentityFile (as in the example) *imply*

Every helpful comment is highly appreciated

More information about the openssh-unix-dev mailing list