New to Linux and the group. Currently running Linux Mint on several machines.
In Jay’s Getting Started with OpenSSH Key Management video, the topic of using the IdentityFile option in the ssh config file is discussed.
I have several different ssh auth key pairs in the .ssh folder. I have also created a ssh config file but have not yet included the IdentityFile option.
I am currently able to login via ssh without any credentials (i.e. ssh hostname) just fine.
It’s not clear to me whether using the IdentityFile option would benefit me.
Does ssh search all available keys for a match if the IdentityFile option is not included in the config file? Can some clarify?
Hi and welcome!
If you run ssh -v <hostname>
you will see a lot more information about what’s going on. Without specifying the identity file there should be multiple keys being offered to the server to authenticate your connection. This may lead to a “Too many authentication failures” because at one point the server will reject your attempt, if you have many keys being offered until one works.
Based on this, which I learned the hard way by locking myself out of my own VPS (…), I would assume that SSH is smart enough to try out a number of keys found inside the ~/.ssh
and other directories by default. This is just my own experience, not expert’s advice.
Personally, I recommend using the IdentitiesOnly=yes
option as well to be sure that only the file you specify in IdentityFile
is used. Inline you can use the -o IdentitiesOnly=yes
option or you can also provide that in the config file:
Host *
IdentitiesOnly=yes
Host <hostname>
IdentityFile <path_to_ssh_private_key>
Thanks for the very thorough explanation hypoiodous! Just what I needed!
Hopefully this helps others a s well!