It's an explicit behavior of the openssh client to try keys provided by the ssh agent. If you don't want this behavior you can set the IdentitiesOnly ssh config option.
I would assume that what is happening here is that you are using the gnome-keyring as your ssh agent? From what I can see it automatically adds any key it can find under ~/.ssh/. (Not that I have much of an opinion either way in regards to whatever there is a bug anywhere or not.) -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to gnome-keyring in Ubuntu. https://bugs.launchpad.net/bugs/1302812 Title: Explicit identity files are being used after implicit files are attempted Status in Portable OpenSSH: Unknown Status in “gnome-keyring” package in Ubuntu: New Status in “openssh” package in Ubuntu: New Bug description: When explicitly setting an identity, either via the -i commandline parameter or IdentityFile in the ssh config, these files are used only after any other identity files found in ~/.ssh/ have failed pubkey authentication. When the remote host limits the number of pubkey authentication failures before disconnecting, this can lead to a situation where the explicit identity file is not even used when connecting to that host. To manage notifications about this bug go to: https://bugs.launchpad.net/openssh/+bug/1302812/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : [email protected] Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
