Package: openssh-client
Version: 1:7.4p1-10
gnupg-agent: 2.1.18-8

The goal is to bypass the keys offered by gnupg-agent with the following
configuration in /etc/ssh/ssh_config:

    Host 192.168.*.* 172.16.*.* 172.17.*.* 172.18.*.* 172.19.*.* 172.20.*.* 172.21.*.* 12.0.*.* 4.65.*.* 10.*.*.* *_*
        RSAAuthentication yes
        HostbasedAuthentication yes
        CheckHostIP yes
        StrictHostKeyChecking ask
        PubkeyAuthentication yes
        ControlPersist yes
        IdentitiesOnly yes
        IdentityFile /root/.ssh/id_rsa_4096_ssh2
        IdentityFile /root/.ssh/id_rsa
    ...

In practice, ssh begins with the second key, id_rsa, instead of
id_rsa_4096_ssh2:

    # ssh -v admin@172.21.100.201
    OpenSSH_7.4p1 Ubuntu-10, OpenSSL 1.0.2k 26 Jan 2017
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: /etc/ssh/ssh_config line 20: Applying options for 172.21.*.*
    debug1: /etc/ssh/ssh_config line 72: Skipping Host block because of negated match for 172.21.*.*
    debug1: Connecting to 172.21.100.201 [172.21.100.201] port 22.
    debug1: Connection established.
    ...
    debug1: Authentications that can continue: password,publickey
    debug1: Next authentication method: publickey
    debug1: Offering RSA public key: /root/.ssh/id_rsa
    debug1: Server accepts key: pkalg ssh-rsa blen 279
    Authentication failed.

If I *comment out id_rsa*, it then offers the first key:

        IdentitiesOnly yes
        IdentityFile /root/.ssh/id_rsa_4096_ssh2
        # IdentityFile /root/.ssh/id_rsa

    # ssh -v admin@172.21.100.201
    OpenSSH_7.4p1 Ubuntu-10, OpenSSL 1.0.2k 26 Jan 2017
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: /etc/ssh/ssh_config line 20: Applying options for 172.21.*.*
    ...
    debug1: Authentications that can continue: password,publickey
    debug1: Next authentication method: publickey
    debug1: Offering RSA public key: /root/.ssh/id_rsa_4096_ssh2
    debug1: Server accepts key: pkalg ssh-rsa blen 535
    debug1: Authentication succeeded (publickey).

--
Jean-Christophe
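An added example, not part of the original report and not OpenSSH code: a small check that compares the IdentityFile order applying to a host in an ssh_config text with the first key ssh offers in its `-v` output. The function names, the sample config (abbreviated from the report, with a hypothetical negated Host block) and the simplified pattern matching via `fnmatch` are assumptions; Match blocks and path expansion are not handled.

```python
import fnmatch
import re

# Constructed sample input, abbreviated from the report; the negated block is hypothetical.
SAMPLE_CONFIG = """\
Host 172.21.*.* 10.*.*.*
    IdentitiesOnly yes
    IdentityFile /root/.ssh/id_rsa_4096_ssh2
    IdentityFile /root/.ssh/id_rsa
Host * !172.21.*.*
    IdentityFile /root/.ssh/id_constructed
"""
SAMPLE_LOG = """\
debug1: Offering RSA public key: /root/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
"""
OFFER_RE = re.compile(r"debug1: Offering (?:\w+ )?public key: (\S+)")

def host_block_applies(patterns, host):
    """A Host block applies if a positive pattern matches and no negated one does."""
    positive = False
    for pat in patterns:
        if pat.startswith("!"):
            if fnmatch.fnmatchcase(host, pat[1:]):
                return False
        elif fnmatch.fnmatchcase(host, pat):
            positive = True
    return positive

def configured_identities(config_text, host):
    """IdentityFile values applying to host, in file order (Match blocks not handled)."""
    applies, files = True, []  # options before the first Host line apply to every host
    for raw in config_text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        keyword, arg = parts[0].lower(), parts[1].strip()
        if keyword == "host":
            applies = host_block_applies(arg.split(), host)
        elif keyword == "identityfile" and applies:
            files.append(arg)
    return files

def first_offer_mismatch(config_text, host, debug_log):
    """Return (first configured, first offered) when they differ, else None."""
    configured = configured_identities(config_text, host)
    offered = OFFER_RE.findall(debug_log)
    if configured and offered and offered[0] != configured[0]:
        return configured[0], offered[0]
    return None
```

Feeding it the real `/etc/ssh/ssh_config` text and a captured `ssh -v` log reports the same ordering difference the two runs above show.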