Login or Register to Ask a Question and Join Our Community


Cybersecurity

How to exclude openssh identities?

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Special Forums Cybersecurity How to exclude openssh identities?
# 1  
Old 11-23-2009
How to exclude openssh identities?
I have a few different ssh identities configured for my client. Sometimes I am logging into a system I don't manage that either limits the number of failing identities to a smaller number than I have configured, or is refusing because of a wrong identity (as opposed to finding a valid one and using that). Some of these hosts need to be logged in to with no identity at all (strictly password based) but I don't get any password prompt at all. If I rename the ".ssh" directory to another name briefly, it all works for the affected hosts (and now fails for others). But renaming the directory is not a solution, and not even a work around (it was just a test to show what's happening). I need a way to specify that certain hosts have NO identity file, while all the rest have the usual set of identity files. But the -i option and the IdentityFile configuration don't delete identities; they just add more.

Any ideas? What I want to avoid is having to separately configure an identity file for every host I log in to (over 400 ... most using the same few identities).
Login or Register to Ask a Question

Previous Thread | Next Thread

8 More Discussions You Might Find Interesting

1. Red Hat

Openssh 6.8

Hi im using redhat enterprise linux 7 im trying to update to the latest openssh version 6.8 i ran the command yum update openssh and this upgraded only to version 6.6 how can i update to the latest version 6.8? thanks! (5 Replies)
Discussion started by: guy3145
5 Replies

2. UNIX for Dummies Questions & Answers

Merge two files with non-overlapping identities

Hi All, I wish to merge two files: file1: with header rsSNP-ID Chromosome Chr-Pos rs171 1 175261679 rs242 1 20869461 rs538 1 6160958 file2: without header disease:AAT deficiency:M0525101 rs1243168 20109307 1 disease:AAT deficiency:M0525101 rs4900229 20109307 1... (3 Replies)
Discussion started by: luoruicd
3 Replies

3. UNIX for Advanced & Expert Users

Troubles with OpenSSH

Hi, I am trying to login from one AIX server to another without using a password, a basic configuration, however it doesn't seem to work. All things are in place. I have both a public and private key in the ~/.ssh folder and also have an "authorized_keys" file on the target-server containing... (5 Replies)
Discussion started by: Hille
5 Replies

4. Ubuntu

[Solved] Using Find with an exclude/exclude file

I am familiar with using tar and exclude/include files: tar zcf backup.dirs.tgz --files-from=include.mydirs --exclude-from=exclude.mydirs --no-recursion but was wondering if I could use find in the same way. I know that you can just specify the directories to exclude but my list is... (2 Replies)
Discussion started by: metallica1973
2 Replies

5. UNIX for Dummies Questions & Answers

SFTP with OpenSSH

Hi All, I am using SFTP command to download some files from a remote server. My both the servers are SFTP enabled. I am sending SFTP request to a Windows server from my Linux server via openSSH. and i have already exchanged publickey between both the servers. But still remote server is asking... (1 Reply)
Discussion started by: vipparlas
1 Replies

6. UNIX Desktop Questions & Answers

OpenSSH

Hello, I downloaded Cygwin to practice on my coursework from home. I was told to download the OpenSSH from Cygwin website so that I can access my files from home. However, the file saves itself with a cgi extension and I have no idea as to what I am supposed to do next. I found info on some... (1 Reply)
Discussion started by: feliks0
1 Replies

7. AIX

openssh on aix4.3.3

Hi, where can I get openssh-server-3.6.1p2-1.aix4.3.ppc.rpm? Thanks (1 Reply)
Discussion started by: heliopaixao
1 Replies

8. UNIX for Dummies Questions & Answers

OpenSSH

Help! SSH is returning the following error message: OpenSSL version mismatch. Built against 90581f, you have 90602f How can I correct this? (21 Replies)
Discussion started by: chenly
21 Replies
Login or Register to Ask a Question

LEARN ABOUT HPUX

ssh-add

SSH-ADD(1)                                                  BSD General Commands Manual                                                 SSH-ADD(1)

NAME

     ssh-add -- adds private key identities to the authentication agent

SYNOPSIS

     ssh-add [-cDdkLlqXx] [-E fingerprint_hash] [-t life] [file ...]
     ssh-add -s pkcs11
     ssh-add -e pkcs11

DESCRIPTION

     ssh-add adds private key identities to the authentication agent, ssh-agent(1).  When run without arguments, it adds the files ~/.ssh/id_rsa,
     ~/.ssh/id_dsa, ~/.ssh/id_ecdsa, and ~/.ssh/id_ed25519.  After loading a private key, ssh-add will try to load corresponding certificate
     information from the filename obtained by appending -cert.pub to the name of the private key file.  Alternative file names can be given on
     the command line.

     If any file requires a passphrase, ssh-add asks for the passphrase from the user.  The passphrase is read from the user's tty.  ssh-add
     retries the last passphrase if multiple identity files are given.

     The authentication agent must be running and the SSH_AUTH_SOCK environment variable must contain the name of its socket for ssh-add to work.

     The options are as follows:

     -c      Indicates that added identities should be subject to confirmation before being used for authentication.  Confirmation is performed by
             ssh-askpass(1).  Successful confirmation is signaled by a zero exit status from ssh-askpass(1), rather than text entered into the
             requester.

     -D      Deletes all identities from the agent.

     -d      Instead of adding identities, removes identities from the agent.  If ssh-add has been run without arguments, the keys for the default
             identities and their corresponding certificates will be removed.  Otherwise, the argument list will be interpreted as a list of paths
             to public key files to specify keys and certificates to be removed from the agent.  If no public key is found at a given path,
             ssh-add will append .pub and retry.

     -E fingerprint_hash
             Specifies the hash algorithm used when displaying key fingerprints.  Valid options are: ``md5'' and ``sha256''.  The default is
             ``sha256''.

     -e pkcs11
             Remove keys provided by the PKCS#11 shared library pkcs11.

     -k      When loading keys into or deleting keys from the agent, process plain private keys only and skip certificates.

     -L      Lists public key parameters of all identities currently represented by the agent.

     -l      Lists fingerprints of all identities currently represented by the agent.

     -q      Be quiet after a successful operation.

     -s pkcs11
             Add keys provided by the PKCS#11 shared library pkcs11.

     -t life
             Set a maximum lifetime when adding identities to an agent.  The lifetime may be specified in seconds or in a time format specified in
             sshd_config(5).

     -X      Unlock the agent.

     -x      Lock the agent with a password.

ENVIRONMENT

     DISPLAY and SSH_ASKPASS
             If ssh-add needs a passphrase, it will read the passphrase from the current terminal if it was run from a terminal.  If ssh-add does
             not have a terminal associated with it but DISPLAY and SSH_ASKPASS are set, it will execute the program specified by SSH_ASKPASS (by
             default ``ssh-askpass'') and open an X11 window to read the passphrase.  This is particularly useful when calling ssh-add from a
             .xsession or related script.  (Note that on some machines it may be necessary to redirect the input from /dev/null to make this
             work.)

     SSH_AUTH_SOCK
             Identifies the path of a UNIX-domain socket used to communicate with the agent.

FILES

     ~/.ssh/id_dsa
             Contains the DSA authentication identity of the user.

     ~/.ssh/id_ecdsa
             Contains the ECDSA authentication identity of the user.

     ~/.ssh/id_ed25519
             Contains the Ed25519 authentication identity of the user.

     ~/.ssh/id_rsa
             Contains the RSA authentication identity of the user.

     Identity files should not be readable by anyone but the user.  Note that ssh-add ignores identity files if they are accessible by others.

EXIT STATUS

     Exit status is 0 on success, 1 if the specified command fails, and 2 if ssh-add is unable to contact the authentication agent.

SEE ALSO

     ssh(1), ssh-agent(1), ssh-askpass(1), ssh-keygen(1), sshd(8)

AUTHORS

     OpenSSH is a derivative of the original and free ssh 1.2.12 release by Tatu Ylonen.  Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,
     Theo de Raadt and Dug Song removed many bugs, re-added newer features and created OpenSSH.  Markus Friedl contributed the support for SSH
     protocol versions 1.5 and 2.0.

BSD                                                               August 29, 2017                                                              BSD