I have been putting my ssh identity files inside my ~/.ssh/ folder. I have probably about 30 files in there.
When I connect to servers, I will specify the identity file to use with something like
ssh -i ~/.ssh/client1-identity client1@10.1.1.10
However, if I do not specify an identity file, and just use something like this:
ssh user123@example.com
I get the error
Too many authentication failures for user123
I understand that is because if no identity file is specified, and ssh can find identity files, then it will try all of them.
I also understand that I can edit the ~/.ssh/config file and specify something like:
Host example.com
    PreferredAuthentications keyboard-interactive,password
in order to prevent that connection from trying known identity files.
So, I guess I could move my identity files outside of the ~/.ssh/ directory, or I could specify each host that I want to disable identity-file authentication for in the config file, but is there any way to tell SSH by default not to search for identity files? Or to specify the ones it will search for?
Best Answer
You can use the IdentitiesOnly=yes option along with IdentityFile (see ssh_config man page). That way, you can specify which file(s) it should look for.
In this example, ssh will only look in the identities given in the ssh_config files + the 4 ones listed on the command line (the identities provided by the agent will be ignored):
The forms -i and -o IdentityFile= are interchangeable.
In .ssh/config, you can include config like this:
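Added example, not the answer's own configuration: a constructed ssh_config that sets IdentitiesOnly for every host, pins one key for the key-based host from the question, and keeps the password-only host off public-key authentication, checked with `ssh -G` (which prints the resolved settings without connecting). The `client1` alias, the temporary config file and the helper function names are assumptions made for this illustration.

```shell
#!/usr/bin/env bash
# Added example: resolve the effective client settings per host with `ssh -G`
# (prints the parsed configuration; no connection is made).

# Constructed sample config; host, user and key path come from the question.
write_sample_config() {
    cat > "$1" <<'EOF'
# Key-based host: offer exactly one key.
Host client1
    HostName 10.1.1.10
    User client1
    IdentityFile ~/.ssh/client1-identity

# Password-only host: never attempt public-key authentication.
Host example.com
    PreferredAuthentications keyboard-interactive,password

# Default for every host: ignore extra identities offered by ssh-agent.
Host *
    IdentitiesOnly yes
EOF
}

# effective_setting CONFIG HOST KEYWORD -> value(s) ssh resolves for that host.
# Keywords are lowercase in `ssh -G` output.
effective_setting() {
    ssh -G -F "$1" "$2" 2>/dev/null | awk -v k="$3" '$1 == k { print $2 }'
}

# Demo: show the settings that decide which keys get offered to each host.
if command -v ssh >/dev/null 2>&1; then
    cfg=$(mktemp)
    write_sample_config "$cfg"
    for h in client1 example.com; do
        echo "== $h"
        ssh -G -F "$cfg" "$h" 2>/dev/null |
            grep -E '^(hostname|identitiesonly|identityfile|preferredauthentications) ' || true
    done
    rm -f "$cfg"
fi
```

For a host with no IdentityFile of its own, the identityfile lines in the output are OpenSSH's default paths (such as ~/.ssh/id_rsa), which IdentitiesOnly still permits if those files exist.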