> I set IdentitiesOnly yes as the global default in ~/.ssh/config, and explicitly set the preferred key separately for groups of hosts. Ok, that sounds like a good idea! I have generally been using ssh-agent for "everything". And it nearly works fine. Except for the occasional server which has yet another ssh key, not managed in the agent. _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev