Date:      Wed, 11 Nov 2009 16:41:04 +0000
From:      krad <kraduk@googlemail.com>
To:        Matthias Apitz <guru@unixarea.de>
Cc:        questions@freebsd.org, Vincent Hoffman <vince@unsane.co.uk>
Subject:   Re: ssh-agent and ordering of keys
Message-ID:  <d36406630911110841g4eb9a2dl5533b3e39d90190d@mail.gmail.com>
In-Reply-To: <20091111152047.GA4729@current.Sisis.de>
References:  <4AFAD3B8.1000609@unsane.co.uk> <20091111152047.GA4729@current.Sisis.de>

2009/11/11 Matthias Apitz <guru@unixarea.de>

> On Wednesday, November 11, 2009 at 03:09:44PM +0000, Vincent Hoffman
> wrote:
>
> > Hi all,
> > I've a bit of an annoying problem that hopefully someone
> > here has dealt with before.  I have a large(ish) number of ssh keys as I
> > like to keep things nicely separated, I also use longish passphrases. To
> > deal with long pass phrases I have started to use ssh-agent, which is
> > working nicely but since I have a large number of keys and ssh-agent
> > doesn't let you specify a particular key for a particular machine (I was
> > using host and IdentityFile lines in ~/.ssh/config before) I'm starting
> > to hit a problem where I'm unable to log in to a machine as I'm hitting
> > the MaxAuthTries value in sshd_config.  I know I could just bung the
> > MaxAuthTries value up to 20 or so on all my servers but I don't really
> > want to, I'd rather a way of specifying which ssh key ssh-agent uses for
> > a specific host, (like I said it ignores the IdentityFile lines in the
> > config file and ignores the -i switch to ssh itself.) Any ideas welcome.
>
> I have never used this, but you could start different ssh-agent(1) and
> load the key(s) you want to use to one or the other and let ssh(1)
> ask the dedicated ssh-agent(1) for a given host by some shell wrapping
> (i.e. mapping the -i filename to the correct ssh-agent(1) socket);
>
> HIH
>
>        matthias
> --
> Matthias Apitz
> t +49-89-61308 351 - f +49-89-61308 399 - m +49-170-4527211
> e <guru@unixarea.de> - w http://www.unixarea.de/
> Vote NO to EU The Lisbon Treaty: http://www.no-means-no.eu

I'm not sure why you have to use loads of different keys other than one of
each type (rsa1, dsa etc). After all, if you're storing all the private keys
in the same place then it's not really more secure.
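
The per-host agent approach suggested in the quoted reply above (separate ssh-agent instances, with a shell wrapper choosing the socket for each host), as an added example that is not code from anyone in this thread. The map file path and format, the function names `agent_sock_for_host` and `hssh`, and the socket and key paths are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: pick a dedicated ssh-agent per destination host.
# Assumed setup, one agent per key group (paths are hypothetical):
#   ssh-agent -a "$HOME/.ssh/agent-prod.sock" >/dev/null
#   SSH_AUTH_SOCK="$HOME/.ssh/agent-prod.sock" ssh-add "$HOME/.ssh/id_prod"
#
# Map file (format assumed for this example), first match wins:
#   <host glob> <agent socket path>
AGENT_MAP="${AGENT_MAP:-$HOME/.ssh/agent-map}"

# Print the socket mapped to host $1; return 1 when nothing matches.
agent_sock_for_host() {
    _host=$1
    [ -r "$AGENT_MAP" ] || return 1
    while read -r _pat _sock _rest; do
        case $_pat in ''|'#'*) continue ;; esac   # skip blanks and comments
        case $_host in
            $_pat) printf '%s\n' "$_sock"; return 0 ;;   # $_pat is a glob
        esac
    done < "$AGENT_MAP"
    return 1
}

# Usage: hssh [user@]host [ssh arguments...]
# Refuses to run rather than fall back to the default agent, since an agent
# holding every key is what runs into MaxAuthTries on the server.
hssh() {
    _dest=$1
    _sock=$(agent_sock_for_host "${_dest##*@}") || {
        echo "hssh: no agent mapped for ${_dest##*@}" >&2
        return 2
    }
    [ -S "$_sock" ] || {
        echo "hssh: $_sock is not a socket (agent not running?)" >&2
        return 3
    }
    SSH_AUTH_SOCK=$_sock ssh "$@"
}
```

Each agent then offers only the keys loaded into it, so the number of authentication attempts per connection stays at the size of that key group.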


