On 21.03.21 15:36, Lars Noodén wrote:
> With six or fewer keys in the agent, assuming default MaxAuthTries in
> the server, it is then only a matter of having the SSH client use the
> agent and the right key will be found. However, with many keys already
> in the agent, the key has to be specified explicitly or the 'wrong' keys
> will get tried first.

Umh, *does* every privKey that ssh "offers" (as the debug output calls it) qualify as an actual authentication attempt, and thus count against MaxAuthTries? If I may trust my everyday experience with ssh-agent and "ssh-add -c", there's no *signature* being generated with ones that were "offered" but refused.

Otherwise, your request would be quite clearly in the "provide a by-use filter capability for the privKeys an ssh-agent holds" territory that was discussed - with a focus on agent *forwarding*, though - on this list a little while ago ...

Regards,
--
Jochen Bern
Systemingenieur
Binect GmbH
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev