I was trying to debug an ssh problem, "Too many authentication failures", and found with ssh -vv that ssh is presenting lots of keys before falling back to try a password.
On investigation I find that these keys are added somehow with ssh-agent running from startx when X11 is started.
I have a lot of keys in my ~/.ssh directory for different machines, transferred through many system updates over the years. I had not even realized that ssh-agent was running.
I thought that ssh-add, per the manpage, would add by default just id_dsa, id_rsa and identity.
But somehow it is adding BillBrewer.pub, JanStewer.pub, PeterGurney.pub, PeterDavy.pub, DanlWhiddon, HarryHawke.pub, OldUncleTomCobley.pub as well, and presenting the whole lot on every login session when I expect to give a password. So sshd on the server decides that enough is enough and disconnects.
How can I control this behaviour? Apart from removing my extra public keys from my .ssh directory and just keeping the private ones I need, but that's always been a convenient place to keep them in the past.
For that matter, how can I stop ssh-agent running if I want to?
Is this a security issue (sending keys to servers that are not supposed to get them)?
I realize that I can override it on a per-session basis with -o PreferredAuthentications=password but I'd prefer a systemic fix.
- more strangeness: I tried using ssh-add -D to remove all identities, or ssh-add -d *.pub, but when I use ssh-add -l, they are all still there.
CentOS release 6.5, OpenSSH_5.3p1, openssh-clients-5.3p1
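
A way to confirm from saved ssh -vv output that key offers alone reach the server's attempt limit, as an added example that is not part of the original post. The log lines, paths and address are constructed, and counting one failed attempt per offered key against sshd's default MaxAuthTries of 6 is a simplifying assumption.

```shell
#!/bin/sh
# Added example: count the public keys an ssh client offered, using saved
# `ssh -vv` output, and compare the count with the server's attempt limit.

# Constructed sample of client debug output (hypothetical paths and address).
sample_log() {
cat <<'EOF'
debug1: Authentications that can continue: publickey,password
debug1: Offering public key: /home/user/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password
debug1: Offering public key: /home/user/.ssh/BillBrewer
debug1: Authentications that can continue: publickey,password
debug1: Offering public key: /home/user/.ssh/JanStewer
debug1: Authentications that can continue: publickey,password
debug1: Offering public key: /home/user/.ssh/PeterGurney
debug1: Authentications that can continue: publickey,password
debug1: Offering public key: /home/user/.ssh/PeterDavy
debug1: Authentications that can continue: publickey,password
debug1: Offering public key: /home/user/.ssh/DanlWhiddon
Received disconnect from 192.0.2.10: 2: Too many authentication failures for user
EOF
}

# Print the number of key offers found in the debug output on stdin.
# grep -c exits non-zero when the count is 0, so mask that status.
count_offered_keys() {
    grep -c 'Offering public key:' || true
}

# Exit 0 when the offers alone reach the limit, meaning the client is
# disconnected before it can fall back to a password prompt.
# $1 = number of offers, $2 = limit (assumed sshd default of 6 if omitted).
keys_exhaust_tries() {
    offered=$1
    max_tries=${2:-6}
    [ "$offered" -ge "$max_tries" ]
}

n=$(sample_log | count_offered_keys)
if keys_exhaust_tries "$n"; then
    echo "$n keys offered: at or over the limit, password prompt not reached"
else
    echo "$n keys offered: under the limit"
fi
```

To use it on a real session, save the client's debug output (ssh writes it to stderr) and pipe that file into count_offered_keys in place of sample_log.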