Wondering how I might be able to configure my ssh client or server so that any one of my ssh certificates may be used for authentication? Are there better ways to check for more than a couple certificates than by increasing sshd_config MaxAuthTries? I was thinking ssh - oCertificateFile could be used but I'm struggling to figure out how since my ssh-agent is the only place where the certs and private keys are located. Each certificate may have a different principal, policy or validity, hence the multiple certificates. The contents of my ssh-agent: 256 SHA256:Ft0/6CxRrwaPM/3bB0AQd/Vgw5mhT6ptq7Plj/cOYXI user@host (ED25519) 256 SHA256:Ft0/6CxRrwaPM/3bB0AQd/Vgw5mhT6ptq7Plj/cOYXI user@host (ED25519-CERT) 256 SHA256:Fn/259tp65oYC7LFz0RIpvl23S0GGqJbLvOYlj0Z26U user@host (ED25519) 256 SHA256:Fn/259tp65oYC7LFz0RIpvl23S0GGqJbLvOYlj0Z26U user@host (ED25519-CERT) 256 SHA256:thXXEAOnp8Xj+qtl+gDveYXjvy5MEkE9Vm5jos3qusM user@host (ED25519) 256 SHA256:thXXEAOnp8Xj+qtl+gDveYXjvy5MEkE9Vm5jos3qusM user@host (ED25519-CERT) 256 SHA256:e8Fag5D2xPFzYbqVBuctLxJ9mB2IkYO137kNo42WAs8 user@host (ED25519) 256 SHA256:e8Fag5D2xPFzYbqVBuctLxJ9mB2IkYO137kNo42WAs8 user@host (ED25519-CERT) 256 SHA256:uQQXF0hk67bGu3FVhnhxTxE+A1fGogiVt9rawTfQ+G4 user@host (ED25519) 256 SHA256:uQQXF0hk67bGu3FVhnhxTxE+A1fGogiVt9rawTfQ+G4 user@host (ED25519-CERT) Any ideas? Thank you, and thank you for your valuable work. Mark Christian _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev