SSH does not send all public keys
jblaine opened this issue · 2 comments
jblaine commented
2 public keys.
1 sent.
[@dev:~] $ ssh -V
OpenSSH_6.6.1p1, OpenSSL 1.0.1e-fips 11 Feb 2013
[@dev:~] $ cat /etc/redhat-release
CentOS Linux release 7.1.1503 (Core)
[@dev:~] $ ls -ld .ssh/id_rsa*pub
-rw-r--r--. 1 jblaine jblaine 393 Jun 19 10:34 .ssh/id_rsa.pub
-rw-r--r--. 1 jblaine jblaine 393 Aug 6 12:12 .ssh/id_rsa_another.pub
[@dev:~] $ ssh whoami.filippo.io
+---------------------------------------------------------------------+
| |
| _o/ Hello! |
| |
| |
| Did you know that ssh sends all your public keys to any server |
| it tries to authenticate to? You can see yours echoed below. |
| |
| We tried to use that to find your GitHub username, but we |
| couldn't :( maybe you don't even have GitHub ssh keys, do you? |
| |
| By the way, did you know that GitHub publishes all users' |
| ssh public keys and Ben (benjojo.co.uk) grabbed them all? |
| |
| That's pretty handy at times :) But not this time :( |
| |
| |
| P.S. This whole thingy is Open Source! (And written in Go!) |
| https://github.com/FiloSottile/whosthere |
| |
| -- @FiloSottile (https://twitter.com/FiloSottile) |
| |
+---------------------------------------------------------------------+
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDQwpvEpjvC+wCs41YLSxxr4Fre9Gtk4aWhoVkGWN10CQSTV3RVfDzmDsusTul0XrcetmlCQBEwfImxly1cFp/pcjTT0lAlmwuY6a8vxqCZ1D83IT8suYQIONu7dzV5PrVK1e0h02v0hGxrgGgpG1eXmD3LgCUkQHNzyQip60DmkjW6nC6lspCeJ/nghh7ioHScJfjIyMBIXI5NqumuLfnUQ7sN7fJXpsgzE5IusMikdnsOdN6qhSSjuXRAYAOyBtAv62qBQ0vYlIWFKL4iWwJG4fqXZNjBh8YpIXnLwPFD0oKmGRzRxBVPIw39qgMXJDYkjTCDmk0iclc787OIbS4N
Connection to whoami.filippo.io closed.
[@dev:~] 1 $ ls .ssh/config
ls: cannot access .ssh/config: No such file or directory
[@dev:~] 2 $
rfc1459 commented
SSH sends all keys loaded in the agent, plus keys named identity (protocol 1 only), id_rsa, id_dsa (always supported), id_ecdsa and id_ed25519 (if supported).
If you're not running the agent, only the default keys will be sent.
FiloSottile commented
Most users only have default and agent keys, so for them it's all keys. Advanced users that have different keys already know the configs, so we can keep it simple.
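As an added example (not part of the original thread and not code from the whosthere project), the script below lists which keys a client would offer under the rule rfc1459 describes: agent keys plus default-named identity files. The function names are hypothetical, and the default-name list is the protocol 2 set from the comment above; it varies between OpenSSH versions.

```shell
#!/bin/sh
# Added example: audit which SSH keys a client offers to any server by default.
# Default identity names as listed in the thread (assumption: protocol 2 only).
DEFAULT_NAMES="id_rsa id_dsa id_ecdsa id_ed25519"

# Keys currently loaded in ssh-agent. ssh-add -L exits non-zero when the agent
# is empty or unreachable, so output is printed only on success.
agent_keys() {
    out=$(ssh-add -L 2>/dev/null) && printf '%s\n' "$out"
    return 0
}

# Default-named private keys present in directory $1; ssh offers these
# without any configuration.
default_identities() {
    dir=$1
    for name in $DEFAULT_NAMES; do
        [ -f "$dir/$name" ] && printf '%s\n' "$dir/$name"
    done
    return 0
}

# Keys in $1 that have a .pub file but a non-default name (for example
# id_rsa_another). ssh does not offer these unless they are loaded in the
# agent or named by IdentityFile in the client config.
not_offered() {
    dir=$1
    for pub in "$dir"/*.pub; do
        [ -e "$pub" ] || continue
        key=${pub%.pub}
        name=${key##*/}
        case " $DEFAULT_NAMES " in
            *" $name "*) ;;
            *) printf '%s\n' "$key" ;;
        esac
    done
    return 0
}

report() {
    echo "Offered (agent):";                agent_keys
    echo "Offered (default identities):";   default_identities "$1"
    echo "Not offered unless agent/config:"; not_offered "$1"
}

report "${1:-${HOME:-.}/.ssh}"
```

With the two key files from the issue, only `id_rsa` falls in the offered set, which matches the single key echoed back. To limit what a given host sees, `IdentityFile` together with `IdentitiesOnly yes` in the client config restricts the offer to the named key.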