ETOOBUSY 🚀 minimal blogging for the impatient
Recently I was hit by a problem in using OpenSSH where I defined two
Host sections, pointing to the same host but setting
Host foo bar HostName ssh.example.com User foobar Host foo IdentityFile ~/.ssh/id_rsa-foo Host bar IdentityFile ~/.ssh/id_rsa-bar
This can be a common arrangement when using Gitolite, because we
might have two separate identities (one as
admin and one as regular
The problem? Even when accessing via the
bar alias, the OpenSSH
client was still offering the key for
Luckily for me, someone already thought of asking and this came out:
How could I stop ssh offering a wrong key? The problem is
that I was also relying upon ssh-agent and it was
adding its stored keys in addition to the ones set as
IdentityFiles in the configuration file.
This is where option IdentitiesOnly comes to the rescue:
Specifies that ssh(1) should only use the configured authentication identity and certificate files (either the default files, or those explicitly configured in the
ssh_configfiles or passed on the ssh(1) command-line), even if ssh-agent(1) or a
SecurityKeyProvideroffers more identities. The argument to this keyword must be
no(the default). This option is intended for situations where ssh-agent offers many different identities.
Hence, as suggested in the accepted answer, I added this at the end of the configuration file:
Host * IdentitiesOnly yes
Now the right key is selected, yay!