Problem: I have some 20-30 `ssh-agent` identities. Most servers refuse authentication with `Too many failed authentications`, as SSH usually won't let me try 20 different keys to log in.
At the moment, I am specifying the identity file for every host manually, using the `IdentityFile` and the `IdentitiesOnly` directive, so that SSH will only try one key file, which works.
Unfortunately, this stops working as soon as the original keys aren't available anymore. `ssh-add -l` shows me the correct paths for every key file, and they match with the paths in `.ssh/config`, but it doesn't work. Apparently, SSH selects the identity by public key signature and not by file name, which means that the original files have to be available so that SSH can extract the public key.
There are two problems with this:
- it stops working as soon as I unplug the flash drive holding the keys
- it renders agent forwarding useless as the key files aren't available on the remote host
Of course, I could extract the public keys from my identity files and store them on my computer, and on every remote computer I usually log into. This doesn't look like a desirable solution, though.
What I need is a possibility to select an identity from ssh-agent by file name, so that I can easily select the right key using `.ssh/config` or by passing `-i /path/to/original/key`, even on a remote host I SSH'd into. It would be even better if I could "nickname" the keys so that I don't even have to specify the full path.
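
Added example, not part of the original post: OpenSSH accepts a public key file in `IdentityFile` when the matching private key is held by the agent, so the public halves can be exported from the agent itself (including a forwarded one) and given short nicknames. The function names, the `agent-pubkeys` directory and `work.example.com` are hypothetical, and the sample key blobs are constructed placeholders.

```shell
#!/bin/sh
# Added example. SAMPLE mimics `ssh-add -L` output; the key blobs are
# constructed placeholders, not real keys.
SAMPLE='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedBlobOne /media/usb/keys/id_work
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABConstructedBlobTwo /media/usb/keys/id_home
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedBlobThree /media/other/id_work'

# Read `ssh-add -L` lines on stdin; write one .pub file per key into DIR,
# nicknamed after the basename of the key comment. Prints the key count.
export_agent_pubkeys() {
    dir=$1
    count=0
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    while read -r type blob comment; do
        case $type in
            ssh-*|ecdsa-*|sk-*) ;;   # public key line
            *) continue ;;           # e.g. "The agent has no identities."
        esac
        [ -n "$blob" ] || continue
        nick=$(printf '%s' "$(basename -- "${comment:-key$count}")" |
               tr -c 'A-Za-z0-9._-' '_')
        out="$dir/$nick.pub"
        # Same basename, different key: keep both under distinct names.
        if [ -e "$out" ] && ! grep -qF -- "$blob" "$out"; then
            out="$dir/$nick-$count.pub"
        fi
        printf '%s %s %s\n' "$type" "$blob" "$comment" > "$out"
        count=$((count + 1))
    done
    echo "$count"
}

# Print a Host block (HOST, NICK, DIR) pinning one agent key.
config_stanza() {
    printf 'Host %s\n    IdentityFile %s/%s.pub\n    IdentitiesOnly yes\n' \
        "$1" "$3" "$2"
}

# Real use, locally or on a host reached with agent forwarding:
#   ssh-add -L | export_agent_pubkeys "$HOME/.ssh/agent-pubkeys"
#   config_stanza work.example.com id_work "$HOME/.ssh/agent-pubkeys" >> ~/.ssh/config
```

With the `.pub` files in place, `ssh -i ~/.ssh/agent-pubkeys/id_work.pub host` selects that one agent key even when the flash drive holding the private key is unplugged.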