Using IdentityAgent for a large number of server/key pairs.

Neophraz
Community Member
edited March 2024 in Secrets Automation

I have been using the IdentityAgent function of 1Password in my server environment of several hundred servers. I would like to start using unique keys for each server, so I started creating new keys and updating the servers, but after creating the 4th new server/key pair, I started seeing the new keys failing with:
"Received disconnect from port 22:2: Too many authentication failures"

I understand that I can create the host/key pair files for the ssh_config file; however, I don't want to have to create hundreds of files for the hosts when the information is already contained in the 1Password tool and I can just use the IdentityAgent. Is there a way to specify to IdentityAgent that a specific 1Password entry should be used for a specific host? I don't want to raise the authentication failure limit on all my servers to a large value. Is the only way to use SSH keys on a large number of servers like this to not use 1Password's IdentityAgent? If that is the case, could an update be made to it so that you could use it with the ssh_config so that it sees the hostname and looks for that specific host entry in the 1Password database? So I could do this with my ssh_config:

ssh_config:

    host yourhostname.com
        IdentityAgent ~/.1password/agent.sock

instead of:

ssh_config:

    host *
        IdentityAgent ~/.1password/agent.sock

and then it could try the one 1Password entry that has that hostname (as the name of the entry or a comment field or some other field for the key)?

Then I could continue to use the IdentityAgent for my hosts and not have to update individual files on my workstation(s) with the key info, as it would all remain in my 1Password database where it is easier to manage.



This discussion has been closed.
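
An added example, not part of the original post and not 1Password's own tooling: OpenSSH lets `IdentityFile` point at a public key file whose private half lives in the agent, and `IdentitiesOnly yes` then limits the offer to that one key, so the per-host blocks can be generated instead of written by hand. The inventory mapping (hostname to public key line), the `~/.ssh/agent-keys` directory, the example hostnames and the `sample_key` helper are assumptions for illustration.

```python
import base64
import re
import struct

AGENT_SOCK = "~/.1password/agent.sock"   # agent socket path from the post
HOST_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9.-]{0,252}")


def check_pubkey(line):
    """Validate an OpenSSH public key line and return it as 'type base64'."""
    parts = line.split()
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, b64 = parts[:2]
    blob = base64.b64decode(b64, validate=True)
    # The decoded blob begins with a length-prefixed copy of the key type.
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("key type does not match key blob")
    return f"{key_type} {b64}"


def build_config(inventory, key_dir="~/.ssh/agent-keys"):
    """Turn {hostname: public key line} into ({file name: contents}, config text)."""
    files, blocks = {}, []
    for host in sorted(inventory):
        # fullmatch rejects whitespace and newlines that could inject directives.
        if not HOST_RE.fullmatch(host):
            raise ValueError(f"unsafe hostname: {host!r}")
        files[f"{host}.pub"] = check_pubkey(inventory[host]) + "\n"
        blocks.append(
            f"Host {host}\n"
            f"    IdentityAgent {AGENT_SOCK}\n"
            f"    IdentityFile {key_dir}/{host}.pub\n"
            f"    IdentitiesOnly yes\n"   # offer only this key, not every agent key
        )
    return files, "\n".join(blocks)


def sample_key(fill):
    """Constructed ed25519-shaped public key (dummy bytes, not a real key)."""
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes([fill]) * 32
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " constructed"


if __name__ == "__main__":
    demo = {"db1.example.com": sample_key(1), "web1.example.com": sample_key(2)}
    pub_files, config = build_config(demo)
    print(config)
```

Write the returned public key files into the key directory and pull the generated text into `~/.ssh/config` with an `Include` line; only public keys touch the disk, the private keys stay in the agent.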