I do a lot of stuff with SSH. And I’m a fan of using separate keys for most things: the generic public key for my specific workstation; and then a special, non-workstation-specific key for other stuff.
So I’ve got a key for things like:
- Digital Ocean
Frustratingly enough, once one has enough identities, one runs into a problem: “Too many authentication failures”. Every time I see it, I have to go figure out why and find a workaround. And that’s a couple of precious minutes that I’ll never get back.
Well, I’ve finally found a solution… I actually already had it, I just forgot. My salvation lies in this file:
The key is actually the first part, “Host *.hostname.com”, which is like a per-domain catch-all:
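
    GSSAPIAuthentication no

    # Per-domain catch-all: applies to every host under hostname.com
    Host *.hostname.com
        PubkeyAuthentication no

    Host test
        Hostname www.test.foo
        User danf
        IdentityFile /home/danf/.ssh/digitalocean_id_rsa.pub

    Host *.server04.com
        IdentityFile /home/danf/.ssh/source.server04.com_dsa.pub

    # Shortcut alias: "ssh cs" connects to indigo.crazedsanity.com as danf
    Host cs
        Hostname indigo.crazedsanity.com
        User danf
        IdentityFile /home/danf/.ssh/digitalocean_id_rsa.pub
        # Offer only the IdentityFile configured here, not every key in the agent
        IdentitiesOnly yes
        ServerAliveInterval 20
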
Oh, and this configuration allows me to use shortcuts that don’t have to resolve to real hosts and don’t require entries in my /etc/hosts file. So I can literally type ssh cs and get to where I want.
EDIT: apparently, there’s not a catch-all. At least not a global one… but you can set one for an entire domain (like “*.hostname.com”) and that works magically. So… close enough. At least for government work.
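
To confirm what ssh will actually do for an alias such as cs, ssh -G prints the resolved options without connecting. The script below is an added example, not part of the original post: it writes a constructed copy of two of the blocks above to a temporary file and checks whether an alias is pinned to its own key with IdentitiesOnly. The function names are made up for illustration.

```sh
#!/bin/sh
# Constructed sample modelled on the post's config; your real config is untouched.
make_sample_config() {
    cfg=$(mktemp) || return 1
    cat > "$cfg" <<'EOF'
Host *.hostname.com
    PubkeyAuthentication no

Host cs
    Hostname indigo.crazedsanity.com
    User danf
    IdentityFile /home/danf/.ssh/digitalocean_id_rsa.pub
    IdentitiesOnly yes
    ServerAliveInterval 20
EOF
    printf '%s\n' "$cfg"
}

# effective_opt CONFIG HOST KEY (hypothetical helper)
# Print the value ssh would use for KEY when asked to connect to HOST.
# "ssh -G" prints the resolved options (lowercase keys) and exits.
effective_opt() {
    ssh -G -F "$1" "$2" | awk -v key="$3" '$1 == key { sub(/^[^ ]+ /, ""); print }'
}

# audit_alias CONFIG HOST (hypothetical helper)
# Succeeds only if HOST is limited to explicitly configured keys, so an
# agent holding many keys cannot use up the server's allowed attempts.
audit_alias() {
    [ "$(effective_opt "$1" "$2" identitiesonly)" = "yes" ] || {
        echo "$2: IdentitiesOnly is not set; every agent key may be offered" >&2
        return 1
    }
    echo "$2 -> $(effective_opt "$1" "$2" user)@$(effective_opt "$1" "$2" hostname)"
    effective_opt "$1" "$2" identityfile | sed 's/^/  offers only: /'
}

# Demo run; skipped when no ssh client is installed.
if command -v ssh >/dev/null 2>&1; then
    sample=$(make_sample_config)
    audit_alias "$sample" cs
    audit_alias "$sample" web1.hostname.com || true   # not pinned: reports a warning
    rm -f "$sample"
fi
```

Pointing -F at your own config file (or dropping -F to use the default one) runs the same check against the real setup.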