ssh-agent and ordering of keys

krad kraduk at googlemail.com
Wed Nov 11 16:41:06 UTC 2009


2009/11/11 Matthias Apitz <guru at unixarea.de>

> On Wednesday, November 11, 2009 at 03:09:44PM +0000, Vincent Hoffman
> wrote:
>
> > Hi all,
> >             I've a bit of an annoying problem that hopefully someone
> > here has dealt with before.  I have a large(ish) number of ssh keys as I
> > like to keep things nicely separated, I also use longish passphrases. To
> > deal with long passphrases I have started to use ssh-agent, which is
> > working nicely but since I have a large number of keys and ssh-agent
> > doesn't let you specify a particular key for a particular machine (I was
> > using host and IdentityFile lines in ~/.ssh/config before) I'm starting
> > to hit a problem where I'm unable to log in to a machine as I'm hitting
> > the MaxAuthTries value in sshd_config.  I know I could just bung the
> > MaxAuthTries value up to 20 or so on all my servers but I don't really
> > want to, I'd rather a way of specifying which ssh key ssh-agent uses for
> > a specific host, (like I said it ignores the IdentityFile lines in the
> > config file and ignores the -i switch to ssh itself.) Any ideas welcome.
>
> I have never used this, but you could start different ssh-agent(1) and
> load the key(s) you want to use to one or the other and let ssh(1)
> ask the dedicated ssh-agent(1) for a given host by some shell wrapping
> (i.e. mapping the -i filename to the correct ssh-agent(1) socket);
>
> HIH
>
>        matthias
> --
> Matthias Apitz
> t +49-89-61308 351 - f +49-89-61308 399 - m +49-170-4527211
> e <guru at unixarea.de> - w http://www.unixarea.de/
> Vote NO to EU The Lisbon Treaty: http://www.no-means-no.eu

I'm not sure why you have to use loads of different keys other than one of
each type (rsa1, dsa etc). After all, if you're storing all the private keys in
the same place then it's not really more secure.
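
The separate-agents idea from the quoted reply, as an added example that is not part of the original thread: each key group gets its own ssh-agent socket and a wrapper picks the socket from the destination, so only that group's keys are offered and the server's MaxAuthTries is not used up. The host patterns, group names, socket directory and function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: one ssh-agent per key group, chosen per destination host.
# Host patterns, group names and AGENT_DIR are constructed assumptions.
AGENT_DIR="${AGENT_DIR:-$HOME/.ssh/agents}"

# Map a destination ([user@]host) to a key group; first match wins.
agent_group_for() {
    host=${1##*@}                      # drop an optional user@ prefix
    case "$host" in
        *.prod.example.org) echo prod ;;
        *.lab.example.org)  echo lab ;;
        *)                  echo default ;;
    esac
}

# Socket path of the agent that holds the keys for a destination.
agent_sock_for() {
    echo "$AGENT_DIR/$(agent_group_for "$1").sock"
}

# Start the agent for a group unless one already answers on its socket.
ensure_agent() {
    sock="$AGENT_DIR/$1.sock"
    mkdir -p "$AGENT_DIR" && chmod 700 "$AGENT_DIR" || return 1
    rc=0
    SSH_AUTH_SOCK="$sock" ssh-add -l >/dev/null 2>&1 || rc=$?
    # ssh-add -l: 0 = keys listed, 1 = agent up but empty, 2 = no agent
    [ "$rc" -eq 2 ] || return 0
    rm -f "$sock"                      # stale socket left by a dead agent
    ssh-agent -a "$sock" >/dev/null
}

# Load one key into a group's agent: agent_add prod ~/.ssh/id_prod
agent_add() {
    ensure_agent "$1" && SSH_AUTH_SOCK="$AGENT_DIR/$1.sock" ssh-add "$2"
}

# Wrapper: sshw [user@]host [command...]; the destination must come first.
sshw() {
    group=$(agent_group_for "$1")
    ensure_agent "$group" || return 1
    SSH_AUTH_SOCK="$AGENT_DIR/$group.sock" ssh "$@"
}
```

Source the file, load each key once with `agent_add <group> <keyfile>`, then connect with `sshw` instead of `ssh`.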

