Finding a resident key stored in an agent without a corresponding file?

Aaron Jones me at
Mon Mar 22 22:09:11 AEDT 2021

On 22/03/2021 09:58, Jochen Bern wrote:
> Umh, *does* every privKey that ssh "offers" (as the debug output calls
> it) qualify as an actual authentication attempt, and thus count against
> MaxAuthTries?

Yes, in my experience it does, and with a large keyring collection in
the agent, or with a lot of keys located at default paths, a server with
a low MaxAuthTries limit will boot me out, before I can even attempt
auth, unless I specify an explicit IdentityFile= and also specify
IdentitiesOnly=yes (so that it doesn't try any others, even those
located at default paths).

Aaron Jones

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the openssh-unix-dev mailing list