Possibly I am missing something obvious, but after getting fed up with the 5-key limitation of ssh-agent I started looking for better ways to manage ssh keys.
If I create a new ssh key pair using ssh-keygen -t rsa, I can then use ssh-keygen -lf to get fingerprints for both the private and the public key, and they both report the same fingerprint.
Then my naive expectation is to do something like an ssh-keyscan to get the remote public key fingerprints on that host, match that fingerprint to one of my private keys, and initiate an ssh connection using that private key.
Obviously, the fingerprints I get using ssh-keyscan do not even resemble the fingerprints of my local keys.
Is there any solution to resolve this dilemma?
The ssh-keyscan command is for scanning the host keys (/etc/ssh/ssh_host_*.pub), not the keys used for authentication/authorization of users. You would need to connect to the remote host and examine the various authorized_keys files. The complicated bit is that an authorized_keys file can have many keys in it, so you need to do some manipulation to extract the individual keys and print them.
There is another question/answer on serverfault with some good methods.
I think I avoid your dilemma by simply defining a priori which keypair to use for what host in my ~/.ssh/config
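An example of the per-host pinning the answer above describes, added here as an illustration rather than the answerer's own config; the host names, user and key file names are placeholders:

```sshconfig
# One identity per host, chosen up front instead of by trial and error.
Host prod-web
    HostName web1.example.com
    User deploy
    IdentityFile ~/.ssh/id_ed25519_prod
    IdentitiesOnly yes

Host github.com
    IdentityFile ~/.ssh/id_ed25519_github
    IdentitiesOnly yes
```

IdentitiesOnly yes is the part that matters when many keys are loaded: it makes ssh offer only the listed IdentityFile to that host, even if ssh-agent holds other keys, so the server never sees the string of failed attempts that trips its MaxAuthTries limit (6 by default in OpenSSH).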