ssh_config: ignore pre-existing SSH keys on client

sshd limits the number of authentication attempts permitted per
established connection.
The limit is set via the MaxAuthTries option and defaults to six
attempts.

Client SSH environments that define more than six SSH keys globally or
in the agent would exhaust authentication attempts before they reach the
algo-specified per-instance SSH private key.

SSH client allows "forgetting" existing keys per connection using the
IdentitiesOnly option.
A client only offers an explicitly defined key when this option is set.
Dima Scherbakov 2023-08-26 19:42:27 +02:00
parent abb8164054
commit ffee12c784
2 changed files with 2 additions and 0 deletions

@ -2,6 +2,7 @@ Host algo
DynamicForward 127.0.0.1:1080
LogLevel quiet
Compression yes
IdentitiesOnly yes
IdentityFile {{ item }}.ssh.pem
User {{ item }}
Hostname {{ IP_subject_alt_name }}
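Review bot: The `IdentitiesOnly yes` line added to the `Host algo` block stops keys held by ssh-agent from being offered, but it does not drop `IdentityFile` entries that other matching blocks of the same client configuration contribute (a `Host *` section, for example), so a client with many globally configured key files can still reach the MaxAuthTries limit the commit message describes. If this block is meant to be merged into a user's existing config, the docs should say so, or recommend running ssh with `-F` pointing at this file alone. The `LogLevel quiet` context line in the same block also suppresses client diagnostics, which makes any remaining authentication failure hard to trace.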

@ -32,6 +32,7 @@
HostName {{ IP_subject_alt_name }}
User {{ ansible_ssh_user }}
Port {{ ansible_ssh_port }}
IdentitiesOnly yes
IdentityFile {{ SSH_keys.private | realpath }}
KeepAlive yes
ServerAliveInterval 30
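Review bot: The `IdentitiesOnly yes` line added above `IdentityFile {{ SSH_keys.private | realpath }}` has no comment, so the reason for it (extra keys exhausting sshd's MaxAuthTries) lives only in the commit message. Assuming this template renders an ssh_config file, a one-line comment above the option, such as `# Offer only the key below; extra agent keys can exhaust MaxAuthTries`, would keep a later cleanup from removing it as redundant. The same comment would fit the identical line added in the first file.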