Finding a resident key stored in an agent without a corresponding file?

Jochen Bern Jochen.Bern at binect.de
Mon Mar 22 20:58:38 AEDT 2021


On 21.03.21 15:36, Lars Noodén wrote:
> With six or fewer keys in the agent, assuming default MaxAuthTries in
> the server, it is then only a matter of having the SSH client use the
> agent and the right key will be found.  However, with many keys already
> in the agent, the key has to be specified explicitly or the 'wrong' keys
> will get tried first.

Umh, *does* every privKey that ssh "offers" (as the debug output calls
it) qualify as an actual authentication attempt, and thus count against
MaxAuthTries? If I may trust my everyday experience with ssh-agent and
"ssh-add -c", there's no *signature* being generated with ones that were
"offered" but refused.

Otherwise, your request would be quite clearly in the "provide a by-use
filter capability for the privKeys an ssh-agent holds" territory that
was discussed - with a focus on agent *forwarding*, though - on this
list a little while ago ...

Regards,
-- 
Jochen Bern
Systemingenieur

Binect GmbH


More information about the openssh-unix-dev mailing list