Did you know you are exposing your identity for each "permission denied" error? ...

Bender · on March 16, 2022

You are right. My personal method for testing such things is to ensure I do not have any of the default keys.

  mkdir --mode=00500 -p ~/.ssh_config_backup
  rsync -avH ~/.ssh/. ~/.ssh_config_backup/.
  rm ~/.ssh/id_*

Then I generate custom keys per-site and list them in ~/.ssh/config/

  ssh-keygen -q -t rsa -b 2048 -N "" -C "test" -f ~/.ssh/.id_devzat

Then in ~/.ssh/config

  IdentitiesOnly yes
  SendEnv LANG LC_ALL
  ForwardAgent no
  ForwardX11 no
  ForwardX11Trusted no
  # [snip]
  #
  Host devzat chat
    Hostname devzat.hackclub.com
    Port 22
    User test
    IdentityFile ~/.ssh/.id_devzat
    LogLevel VERBOSE

Verbose to see debug if you are having issues.

If one needed to temporarily use the old key for a site until it is changed to a site-unique key, then

  rsync -av ~/.ssh_config_backup/id_rsa ~/.ssh/.id_somesite

Then make a note to change the key on that site and generate a site unique key.

quackduck · on March 16, 2022

(assuming I am malicious (which isn't really a bad thing to assume))

OrderlyTiamat · on March 16, 2022

huh that's... really bad. Is there some way of turning that off? grepping through the man file didn't tell me about any options.