Still no activity in the upstream issue, however I think OpenSSH 8.9 offers a mechanism that can help avoiding hitting MaxAuthTries in some cases: "destination constraints", see documentation for -h in ssh- add(1). AIUI constraining should limit the number of keys tried against a given host, making reaching MaxAuthTries more difficult. More info:
https://www.openssh.com/agent-restrict.html https://lwn.net/Articles/880458/ It is not clear to me if setting destination constraints also affects the order in which keys are tried (narrower scope => higher priority). Another workaround is preventing ssh to reach the agent: SSH_AUTH_SOCK= ssh -i <keyfile> <user@host> -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1872145 Title: explicit key offered after all agent keys, auth can fail before explicit key used To manage notifications about this bug go to: https://bugs.launchpad.net/openssh/+bug/1872145/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs