ssh and identy files

Out of frustration, and maybe it'll be useful for another one. I just spent 6 hours trying to battle a nasty issue with ssh keys. I have a lot of different keys on my machine, and after unsucessfully trying 5 keys, ssh will drop the connection. The usual solution is to specify which host should use which key in an ssh config file. For example:

  IdentityFile ~/.ssh/github_rsa

The file must have permission 600 otherwise it'll be ignored. For some host which constantly change (like amazon instances), a better solution is to use the -i command to manually specify the private key to use.

Here's the catch

-i doesn't mean use only this key (or use this key first). The implementation is actually to try the given key after all keys from the agent failed. Which is insane.

One needs to add the option IdentitiesOnly to disable all key from the agent. So the successful command would be: ssh -i ~/path/to/my/key -o IdentitiesOnly=yes user@host

The man page for ssh is really confusing on this -,..,-

Thanks to this post which gave me the solution