Weird design ssh folks..

Thanks a mil Drew

`
$ ssh -vvv github.com pwd 2> >(grep -i offer)
debug1: Offering RSA public key: /Users/jweis/.ssh/id_rsa
`

When I commented the line
`
# IdentityFile ~/.ssh/id_rsa
`
in my /etc/ssh_config, everything worked fine.

(I’m on a mac.)

Thanks for pointing me in the right direction!

On my work machine I have the added benefit of being able to pull from my git repo. All my ssh public keys are still forwarded but it seems as if the one specified in the IdentityFile line is prioritized. i.e. it shows up on top. Verified when I run ssh-add -l on the remote site.

At home, however; on an older version of Mac OS and MacPorts OpenSSH while I can authenticate file I can’t pull from my repo on certain servers as the ssh keys are in their local default order. My current solution is to delete all my keys $ ssh-add -d ~/.ssh/* and then re-add them in the order I want to use them; specifying the password for each one. Not ideal… The key order also seems to reset itself on OS restart as well.

@Curt, if you could release your solution that would be awesome. I’m looking at a similar sounding solution on StackExchange’s ServerFault: “Choose identity from ssh-agent by file name” – http://serverfault.com/questions/401737/choose-identity-from-ssh-agent-by-file-name
There leoluk uses a python script parse out all the ssh keys and choose only the one specified in the identity file when forwarding an agent.

I have to deal with using multiple ssh keys for different reasons. (These are security-related; there are certain hosts I use which should have access only to keys specific to a client, not to my personal keys, thus I want to make sure I never forward authentication using my standard ssh-agent to them.) My solution is to use separate agents for this; I have a wrapper for the ssh/slogin command that, based on the host to which I’m connecting, will find the correct one of several existing ssh agents to use or start a new one if necessary.

I suppose if there’s demand I could could clean this up and release it.

cjs@cynic.net

Finally got things committed with the correct user by changing the email address on my global git-config file. It’s working for the moment, but will probably be borked when I get back to work. Wondering if I can override global config settings on a per repository basis….

I ran into the same exact issue, and found the “IdentitiesOnly yes” to be the solution.

It appears the order in which it tries keys is:
1. agent identities
2. -i arguments
3. config files
4. default (~/.ssh{identity,id_dsa,id_rsa})

When, ideally, I would want it to be:
1. -i arguments
2. config files
3. agent identities
4. default

Also, just as an example for those who want to do this entirely from the command line:
ssh -o “IdentitiesOnly yes” -i id_pub hostname

ssh_config

Host [personal]
HostName github.com
User git
IdentityFile “[personal]\id_rsa”
IdentitiesOnly yes

Host [company]
HostName github.com
User git
IdentityFile “[company]\id_rsa”
IdentitiesOnly yes

git clone [personal]:GitHubUser/repo folder