Identity Not Working if adding "IdentitiesOnly yes" to *

I have a config file in .ssh here

Host *
AddKeysToAgent yes
IdentitiesOnly yes

#Github (default)
Host gh
User git
IdentityFile ~/.ssh/id_rsa

#Bitbucket (secondary)
Host bb
User git
IdentityFile ~/.ssh/id_rsa_bb

#Azure DevOps (secondary)
Host ado
User git
IdentityFile ~/.ssh/id_rsa_ado
IdentitiesOnly yes

PreferredAuthentications publickey
IdentityFile ~/.ssh/id_rsa_gl

If I have IdentitiesOnly yes set in the * host, I cannot SSH to bitbucket, but all of the other connections work:

% ssh -T Permission denied (publickey).

Removing the IdentitiesOnly config causes the bitbucket ssh to work. I’ve tried reloading the identity as well with

ssh-add ~/.ssh/id_rsa_bb
Asked By: jordaniac89


That would suggest the public key configured in the authorized_keys file (or equivalent) for might not actually be the one corresponding the private key in ~/.ssh/id_rsa_bb, but one of the other keys available in the agent.

Try ssh -v -T with IdentitiesOnly set to no, and read the debug messages to see which key is actually accepted by the remote host.

Answered By: telcoM
Categories: Answers Tags:
Answers are sorted by their score. The answer accepted by the question owner as the best is marked with
at the top-right corner.