My Ubuntu 18.04 keeps adding all my SSH keys into the ssh agent upon startup and I am unable to delete them. Having so many keys in the agent breaks authentication to servers that only permit 3 or 5 attempts.
~ $ ssh-add -l
2048 SHA256:7mW8C9RNZ75U...ArHq+9kSZLmny0Y google_compute_engine (RSA)
2048 SHA256:OUD4Vy0LKWp2...AwNKTbdHDkjVkcU id_rsa.aws (RSA)
2048 SHA256:/Qbw+NcgXBTk...pi7bYs2eYm0k7B8 id_rsa.aws-eu (RSA)
2048 SHA256:cG5xEwfejo2O...8LqmP4gk2wAtzrk id_rsa (RSA)
2048 SHA256:5TgVaBUrlSvV...PHM46avPZIauVRY sftp-test2 (RSA)
When I try to delete them it says OK but they are still there:
~ $ ssh-add -D
All identities removed.
~ $ ssh-add -l
2048 SHA256:7mW8C9RNZ75U...ArHq+9kSZLmny0Y google_compute_engine (RSA)
2048 SHA256:OUD4Vy0LKWp2...AwNKTbdHDkjVkcU id_rsa.aws (RSA)
2048 SHA256:/Qbw+NcgXBTk...pi7bYs2eYm0k7B8 id_rsa.aws-eu (RSA)
2048 SHA256:cG5xEwfejo2O...8LqmP4gk2wAtzrk id_rsa (RSA)
2048 SHA256:5TgVaBUrlSvV...PHM46avPZIauVRY sftp-test2 (RSA)
With so many identities loaded in the agent I can't even specify an explicit on the command line, it still fails:
~ $ ssh 192.168.56.5 -i ~/.ssh/test
Received disconnect from 192.168.56.5 port 22:2: Too many authentication failures
Disconnected from 192.168.56.5 port 22
The only thing I can do is unset SSH_AUTH_SOCK altogether and then I can at least use ssh -i ... but that's inconvenient.
TL;DR
How can I delete all the identities from the agent and prevent them from loading again next time? I.e., how to make it behave like ssh agent used to?
Best Answer
This may be due to a bug in ssh-add -d/-D not removing keys. There were some bug reports about it, e.g.
The exact issue is:
A possible workaround:
Another workaround:
This comment actually suggests: