Identity Not Working if adding "IdentitiesOnly yes" to *

I have a config file in .ssh here

Host *
AddKeysToAgent yes
IdentitiesOnly yes

#Github (default)
Host gh
HostName github.com
User git
IdentityFile ~/.ssh/id_rsa

#Bitbucket (secondary)
Host bb
HostName bitbucket.org
User git
IdentityFile ~/.ssh/id_rsa_bb

#Azure DevOps (secondary)
Host ado
HostName ssh.dev.azure.com
User git
IdentityFile ~/.ssh/id_rsa_ado
IdentitiesOnly yes

#GitLab
Host gitlab.com
PreferredAuthentications publickey
IdentityFile ~/.ssh/id_rsa_gl

If I have IdentitiesOnly yes set in the * host, I cannot SSH to bitbucket, but all of the other connections work:

% ssh -T [email protected]
[email protected]: Permission denied (publickey).

Removing the IdentitiesOnly config causes the bitbucket ssh to work. I've tried reloading the identity as well with

ssh-add ~/.ssh/id_rsa_bb

Answers 1

  • That would suggest the public key configured in the authorized_keys file (or equivalent) for [email protected] might not actually be the one corresponding the private key in ~/.ssh/id_rsa_bb, but one of the other keys available in the agent.

    Try ssh -v -T [email protected] with IdentitiesOnly set to no, and read the debug messages to see which key is actually accepted by the remote host.


Related Questions