From: krad
To: Matthias Apitz
Cc: questions@freebsd.org, Vincent Hoffman
Date: Wed, 11 Nov 2009 16:41:04 +0000
Subject: Re: ssh-agent and ordering of keys

2009/11/11 Matthias Apitz

> On Wednesday, November 11, 2009 at 03:09:44PM +0000, Vincent Hoffman wrote:
>
> > Hi all,
> > I've a bit of an annoying problem that hopefully someone
> > here has dealt with before. I have a large(ish) number of ssh keys as I
> > like to keep things nicely separated, I also use longish passphrases. To
> > deal with long passphrases I have started to use ssh-agent, which is
> > working nicely but since I have a large number of keys and ssh-agent
> > doesn't let you specify a particular key for a particular machine (I was
> > using host and IdentityFile lines in ~/.ssh/config before) I'm starting
> > to hit a problem where I'm unable to log in to a machine as I'm hitting
> > the MaxAuthTries value in sshd_config. I know I could just bung the
> > MaxAuthTries value up to 20 or so on all my servers but I don't really
> > want to, I'd rather a way of specifying which ssh key ssh-agent uses for
> > a specific host, (like I said it ignores the IdentityFile lines in the
> > config file and ignores the -i switch to ssh itself.) Any ideas welcome.
>
> I have never used this, but you could start different ssh-agent(1) and
> load the key(s) you want to use to one or the other and let ssh(1)
> ask the dedicated ssh-agent(1) for a given host by some shell wrapping
> (i.e. mapping the -i filename to the correct ssh-agent(1) socket);
>
> HIH
>
> matthias
> --
> Matthias Apitz
> t +49-89-61308 351 - f +49-89-61308 399 - m +49-170-4527211
> e - w http://www.unixarea.de/
> Vote NO to EU The Lisbon Treaty: http://www.no-means-no.eu

I'm not sure why you have to use loads of different keys other than one of each type (rsa1, dsa etc). After all if you're storing all the private keys in the same place then it's not really more secure
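
The shell wrapping suggested in the quoted reply (one ssh-agent per group of keys, chosen by destination so each server is only offered a few keys and MaxAuthTries is not reached) could look like the sketch below. It is an added example, not code from anyone in the thread; the socket directory, agent names, host patterns and the `sshto` name are constructed for illustration.

```shell
# Directory holding one agent socket per key group (assumed layout).
AGENT_DIR="${AGENT_DIR:-$HOME/.ssh/agents}"

# pattern:agent-name pairs, first match wins (constructed sample data).
AGENT_MAP='
*.work.example.com:work
git.example.org:git
*:personal
'

# One-time setup per agent, run by hand (key file name is hypothetical):
#   ssh-agent -a "$AGENT_DIR/work.sock" >/dev/null
#   SSH_AUTH_SOCK="$AGENT_DIR/work.sock" ssh-add ~/.ssh/id_work

# Print the agent socket that should serve the given destination.
agent_sock_for_host() {
    host=${1##*@}                       # drop an optional user@ prefix
    while IFS=: read -r pattern name; do
        [ -n "$pattern" ] || continue   # skip blank lines in the map
        case $host in
            $pattern)                   # unquoted: treated as a glob
                printf '%s\n' "$AGENT_DIR/$name.sock"
                return 0 ;;
        esac
    done <<EOF
$AGENT_MAP
EOF
    return 1                            # no pattern matched
}

# Usage: sshto [user@]host [ssh options and command...]
sshto() {
    dest=$1
    shift
    sock=$(agent_sock_for_host "$dest") || {
        echo "sshto: no agent mapped for $dest" >&2
        return 1
    }
    # Refuse to fall back to whatever agent the session already has.
    [ -S "$sock" ] || {
        echo "sshto: agent socket $sock is not running" >&2
        return 1
    }
    SSH_AUTH_SOCK=$sock ssh "$dest" "$@"
}
```
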