Identifying one of multiple authentication subkeys
Brian Exelbierd
bex at pobox.com
Sun Mar 17 13:17:43 CET 2019
On Sun, Mar 17, 2019, at 1:12 PM, Peter Lebbing wrote:
> On 17/03/2019 12:45, Brian Exelbierd wrote:
> > There is no longer an identityfile to use in the .ssh/config file
> > which means all auth keys are tried with all hosts. I have multiple
> > auth keys and the hosts give up after 2 or 3 failures. How can I get
> > the right key served to the right host since SSH doesn't know how to
> > ask for it anymore ...
>
> Ooohhh. I would have hoped the OpenSSH server's MaxAuthTries would only
> count failed signatures, not failed key matches. But I can reproduce
> this problem.
>
> I don't know a satisfactory solution to this.
Having done no code examination, I feel like this is where the identity information for subkeys comes into play. I presume the SSH request would pass the value of the identity file to the gpg-agent. This is probably 100% wrong though.
Also, as an aside, it appears that subkeys do not prompt for the key passphrase. Instead I just get an allow/deny dialog or no dialog at all if I don't force confirm.
> PS: Could you please trim your quotes when you reply on the mailing
> list?
Happily - and I should have last time. Distracting myself with GPG/SSH while doing taxes is a bad idea and leads to bad internet hygiene :D
regards,
bex