Identity Not Working if adding "IdentitiesOnly yes" to *

I have a config file in .ssh here

Host *
    AddKeysToAgent yes
    IdentitiesOnly yes

#Github (default)
Host gh
    HostName github.com
    User git
    IdentityFile ~/.ssh/id_rsa

#Bitbucket (secondary)
Host bb
    HostName bitbucket.org
    User git
    IdentityFile ~/.ssh/id_rsa_bb

#Azure DevOps (secondary)
Host ado
    HostName ssh.dev.azure.com
    User git
    IdentityFile ~/.ssh/id_rsa_ado
    IdentitiesOnly yes

#GitLab
Host gitlab.com
    PreferredAuthentications publickey
    IdentityFile ~/.ssh/id_rsa_gl

If I have IdentitiesOnly yes set in the * host, I cannot SSH to bitbucket, but all of the other connections work:

% ssh -T git@bitbucket.org
git@bitbucket.org: Permission denied (publickey).

Removing the IdentitiesOnly config causes the bitbucket ssh to work. I’ve tried reloading the identity as well with

ssh-add ~/.ssh/id_rsa_bb
Asked By: jordaniac89

That would suggest the public key configured in the authorized_keys file (or equivalent) for git@bitbucket.org might not actually be the one corresponding to the private key in ~/.ssh/id_rsa_bb, but one of the other keys available in the agent.

Try ssh -v -T git@bitbucket.org with IdentitiesOnly set to no, and read the debug messages to see which key is actually accepted by the remote host.

Answered By: telcoM
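
A related check, as an added example that is not part of the original question or answer: the command in the question uses the name `bitbucket.org`, while the Bitbucket key is configured under `Host bb`. The simplified resolver below (hypothetical helpers `host_matches` and `resolve`; it ignores `Match`, `Include` and quoting) shows which options from a constructed copy of the config apply to a given name.

```python
import fnmatch

# Constructed sample: the relevant part of the config from the question.
CONFIG = """\
Host *
    AddKeysToAgent yes
    IdentitiesOnly yes
Host gh
    HostName github.com
    IdentityFile ~/.ssh/id_rsa
Host bb
    HostName bitbucket.org
    IdentityFile ~/.ssh/id_rsa_bb
Host gitlab.com
    IdentityFile ~/.ssh/id_rsa_gl
"""

def host_matches(patterns, target):
    """ssh_config rule: a positive pattern must match and no negated (!) one may."""
    positive = False
    for pat in patterns:
        if pat.startswith("!"):
            if fnmatch.fnmatchcase(target, pat[1:]):
                return False
        elif fnmatch.fnmatchcase(target, pat):
            positive = True
    return positive

def resolve(config_text, target):
    """Return the options that apply to `target`, the name typed after `ssh`.

    Host patterns are compared with that name, not with HostName values.
    The first value seen wins, except IdentityFile, which accumulates.
    """
    opts, identities, active = {}, [], True
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        key, value = key.lower(), value.strip()
        if key == "host":
            active = host_matches(value.split(), target)
        elif active and key == "identityfile":
            identities.append(value)
        elif active:
            opts.setdefault(key, value)
    opts["identityfile"] = identities
    return opts
```

For `bitbucket.org` the result carries `IdentitiesOnly yes` and no explicit `IdentityFile`, so only the default identity files are offered and keys held in the agent are skipped; for `bb` it carries `~/.ssh/id_rsa_bb`. On a real machine, `ssh -G git@bitbucket.org` prints the options OpenSSH itself resolves for that name.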