IdentityFile vs IdentitiesOnly
Harald Dunkel
harald.dunkel at aixigo.de
Mon Apr 1 17:10:07 AEDT 2019
Hi folks,
I've got a moderate number of keys in my ssh config file.
Problem: Very often I get an error message like
Received disconnect from 2001:db8::8077 port 999:2: Too many authentication failures
Authentication failed.
AFAIU the ssh-agent is to blame here, trying out all keys
he has ever seen. This conflicts with MaxAuthTries 6, set by
default on the peer.
The solution seems to be to set IdentitiesOnly, e.g.:
:
:
Host host.example.com 2001:db8::8077
IdentityFile ~/.ssh/id_ecdsa
IdentitiesOnly yes
Port 999
:
:
Shouldn't an explicit IdentityFile (as in the example) *imply*
IdentitiesOnly?
Every helpful comment is highly appreciated
Harri
More information about the openssh-unix-dev
mailing list