Hi Sam, On Mon, Sep 30, 2024 at 11:37:18 -0600, Sam Darwin wrote: > If you are specifying a key "-i key", then you are specifying a key, and > clearly don't need to use the keys from ssh-agent. The -i option is dual-use. From the man page: > Selects a file from which the identity (private key) for public key authentication is read. > You can also specify a public key file to use the corresponding > private key that is loaded in ssh-agent(1) when the private key file > is not present locally. I think you can also load certificates using the -i option and use the agent to generate the signature. > Could ssh prefer the key from the command line? Give that precedence, > over using the ssh-agent keys? The IdentitiesOnly option takes care of that. Or you could set up your ~/.ssh/config file with IdentitiesOnly + IdentityFile to specify the correct key for each server. Jörn _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
