Saturday, August 27, 2011

Unexpected offering order for ssh keys on Linux Mint Debian

I've many different ssh keys in ~/.ssh, which I used happily through .ssh/config or -i option on Debian Lenny.

Recently I've installed Linux Debian Mint and I was no longer able to access some hosts. The reason was that ssh is offering all the keys in ~/.ssh without giving precedence to the specified key. So, ssh may disconnect for "Too many authentication failures" if the right key happens to be at the bottom of the list.

My workaround was to move most keys in another directory, and update .ssh/config and scripts accordingly.
It works but I'm not fully satisfied with it.

2 comments:

  1. Wild guess: all the keys are automatically loaded by the authentication agent (easy to check: execute "ssh-add -l").

    If your configuration already lists specific keys for each host, the IdentitiesOnly options could alleviate the issue.

    ReplyDelete
  2. many thanks for the suggestion.

    It seems that it isn't the agent, also I don't think that IdentitiesOnly could fix it. Actually I don't even understand why moving the identity files in another directory works ...

    I'll check as soon as I have time for that.

    ReplyDelete