Like most sysadmins I use openssh all the time. I have about a dozen ssh keys, I like to have a different ssh key for each host. However this causes a problem when I am connecting to a host for the first time, and all I have is a password. I want to just connect to the host using a password, no ssh key in this case. However the ssh client will offer all the public keys in my ~/.ssh/
(I know this from looking at the output of ssh -v
). Since I have so many, I will get disconnected for too many authentication failures.
Is there some way to tell my ssh client to not offer all the ssh keys?
Best Answer
This is expected behaviour according to the man page of
ssh_config
:Basically, specifying
IdentityFile
s just adds keys to a current list the SSH agent already presented to the client.Try overriding this behaviour with this at the bottom of your
.ssh/config
file:You can also override this setting on the host level, e.g.: