Dealing with SSH’s key spam problem
Recently I created a new virtual machine locally, and I tried to ssh into it.
[diablo@infinity ~]$ ssh tachikoma
Received disconnect from tachikoma: 2: Too many authentication
failures for diablo
I didn’t put a key on tachikoma yet, and ssh didn’t ask me for my password. It didn’t make any sense.
So, I ran the same command with -vvv and realized… it’s sending all my identity keys to tachikoma, and the sshd on that machine is kicking the connection due to all of them failing.
What bizarre behavior.
So I dug around in the man page for ssh_config and noticed I can just add…
… to force ssh to only use specifically named identities which (what I’ve been doing for years, anyways) are written like this…
… or something similar. With the IdentitiesOnly directive in there, it only sends specifically the identity keys I specify with IdentityFile instead of spamming all the keys I have.
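An ssh_config sketch of the setup described above, added here as an example and not the author's original snippets. The key file names and the host alias newvm are placeholders; the MaxAuthTries default of 6 is the OpenSSH server default, and every offered key counts against it.

```sshconfig
# ~/.ssh/config  (constructed example; key file names and "newvm" are placeholders)

# Before: without IdentitiesOnly, ssh offers every key held by ssh-agent and
# then the default identity files. Each offer is one authentication attempt,
# so sshd (MaxAuthTries, default 6) disconnects with "Too many authentication
# failures" before password authentication is ever reached.
#
# Host tachikoma
#     IdentityFile ~/.ssh/id_ed25519_tachikoma

# After: offer only the key named for this host, even if the agent holds more.
Host tachikoma
    IdentityFile ~/.ssh/id_ed25519_tachikoma
    IdentitiesOnly yes

# A freshly built machine with no key installed yet: skip public-key
# authentication so the password prompt appears on the first attempt.
Host newvm
    PubkeyAuthentication no
    PreferredAuthentications keyboard-interactive,password

# Default for all other hosts. ssh_config uses the first value found for each
# option, so this catch-all block goes last. With no IdentityFile set, only
# the default identity files (~/.ssh/id_rsa, ~/.ssh/id_ed25519, ...) are tried.
Host *
    IdentitiesOnly yes

# Check the effective settings without connecting:
#   ssh -G tachikoma | grep -i -E '^(identitiesonly|identityfile)'
```

Limiting the offered keys also keeps a server you connect to from learning every public key you hold, which is the privacy side of the same setting.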
I’m not sure if this is a Debian-only problem (both infinity and tachikoma are Debian machines), but even though it’s a security feature, it’s kind of annoying.