如何使命令行中的显式 ssh 密钥优先于 ssh-agent 密钥?

tag-icon tag-icon ssh ssh-keys ssh-agent
如何使命令行中的显式 ssh 密钥优先于 ssh-agent 密钥?

我有一堆 ssh 密钥,半永久地加载到 ssh-agent 中。ssh-add -L列出了 6 个密钥。

我还有其他密钥,它们被单独存储;比如说,存储在 USB 上。我确实想随时把它们放在手边。让我叫其中一个square.key

问题是这样的:在我需要的时候square.key,我可以插入 USB 记忆棒并指定-i /path/to/square.key- 但不起作用.-v揭示原因:

debug1: Will attempt key: /home/ulidtko/.ssh/key1 RSA SHA256:<redacted> agent
debug1: Will attempt key: /home/ulidtko/.ssh/key2 RSA SHA256:<redacted> agent
debug1: Will attempt key: key3@localhost ED25519 SHA256:<redacted> agent
debug1: Will attempt key: key4@localhost RSA SHA256:<redacted> agent
debug1: Will attempt key: key5@localhost ed25519 ED25519 SHA256:<redacted> agent
debug1: Will attempt key: key6@localhost ECDSA SHA256:<redacted> agent
debug1: Will attempt key: /path/to/square.key ED25519 SHA256:<redacted> explicit
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: /home/ulidtko/.ssh/key1 RSA SHA256:<redacted> agent
debug1: Authentications that can continue: publickey,password
debug1: Offering public key: /home/ulidtko/.ssh/key2 RSA SHA256:<redacted> agent
debug1: Authentications that can continue: publickey,password
debug1: Offering public key: key3@localhost ED25519 SHA256:<redacted> agent
debug1: Authentications that can continue: publickey,password
debug1: Offering public key: key4@localhost RSA SHA256:<redacted> agent
debug1: Authentications that can continue: publickey,password
debug1: Offering public key: key5@localhost ed25519 ED25519 SHA256:<redacted> agent
debug1: Authentications that can continue: publickey,password
debug1: Offering public key: key6@localhost ECDSA SHA256:<redacted> agent
Received disconnect from 46.101.206.106 port 22:2: Too many authentication failures
Disconnected from 46.101.206.106 port 22

不知怎的,我觉得在命令行上手动输入之前ssh尝试每个键是个好主意。因此这会在服务器上触发;永远不会提供。ssh-agentsquare.keyToo many authentication failuressquare.key

有没有办法覆盖或配置此顺序?我想继续使用ssh-agent,但ssh要尊重我手动设置的命令行标志,并-i首先尝试“显式”键。

答案1

IdentitiesOnly=yes可能是一个合适的选择。也就是说,只使用指定的身份。

ssh -i /path/to/square.key -o IdentitiesOnly=yes remote.server.net

或者

Host remote.server.net
  IdentityFile /path/to/square.key
  IdentitiesOnly yes

答案2

一个解决方法是经过IdentityAgent=none,在同一个命令行上:

ssh -i /path/to/square.key -o IdentityAgent=none remote.server.net

或者同样地,通过~/.ssh/config

Host remote.server.net
    IdentityFile /path/to/square.key
    IdentityAgent none

答案3

# .ssh/config

host default
hostname 185.xxx.xxx.xxx
user root
port 10xxx
IdentityFile .ssh/debian
IdentityAgent none

相关内容