openssh unix dev - Oct 2024 - [Possible phishing attempt] Re: ssh while ssh-agent is running

> ssh should do this already
Hi Damien,
Let's discuss what it does already... For example, if ssh-agent already has
six keys, will it append the "-i key" as the seventh choice?
Apparently there is a "six-key authentication limit on most servers".
A
seventh key will fail. If ssh is adding the new key to the end of the list
it would be expected to fail.
This limit is actually why I haven't added to the newer key to the agent
also.

Which leads to an idea: how about switching the  "-i key" to the top
of the
list, instead of the end.
> IdentitiesOnly
Ok. The option "-o IdentitiesOnly=yes" is another solution.
A problem with that, it's a bit cumbersome. You have to realize what the
cause of the problem, so that adding the flag will fix it (why is ssh
failing anyway?).  And then check the exact syntax.  And write that, on the
command-line.     It is another option though.

> A problem with that, it's a bit cumbersome. You have to realize what
the
> cause of the problem, so that adding the flag will fix it (why is ssh
> failing anyway?). And then check the exact syntax. And write that, on the
> command-line. It is another option though.
Personally, I set IdentitiesOnly yes as the global default in ~/.ssh/config, and
explicitly set the preferred key separately for groups of hosts. All my keys are
under ~/.ssh/keys or ~/.ssh/sk so they don't get automatically picked up by
the client when a host hasn't been defined yet.

The client is only cumbersome if you don't use ~/.ssh/config and have never
refered to `man ssh_config`.

~ Tim