If you want to disable this sort of behaviour you can disable SSH from sending keys automatically, and then tell SSH which identity files need to be sent to each host.
In your .ssh/config, something like:
# Ignore SSH keys unless specified in Host subsection
# Send your public key to github only
(And if you have agent forwarding active I show you a big WARNING.)
There's an explanation in the README, but the actually interesting stuff is in server.go. Finally, I mentioned a few reasons it might not work for you below.
It amazes me that people enable that for random servers. Seems like SSH should make that harder. Enabling it for a specific server you trust makes sense; enabling it for all servers doesn't. SSH could reject "ForwardAgent" outside a Host block, for instance, and force you to at least write a "Host *" block.
EDIT: Check out this search: https://github.com/search?utf8=%E2%9C%93&q=ForwardAgent&type...
Or, in short: never use ForwardAgent (or ssh -A) to a server you don't trust.
Sometimes I feel just so awed at the ingenuity of people, especially with software and computers.
Also, I used to add every jump combination into my .ssh/config file, but came across a wonderful trick that makes it unnecessary: https://en.wikibooks.org/wiki/OpenSSH/Cookbook/Proxies_and_J...
ProxyCommand ssh -W %h:%p bastion.company
A socket that allows dumping the keys isn't really an improvement. If the box is compromised, agent forwarding can still be abused.
> seems much more secure.
Emphasis on "seems".
You can find it at: https://github.com/ccontavalli/ssh-ident
(This is on the Cinnamon desktop, so other GNOME setups could be different.)
See https://askubuntu.com/questions/63407/where-are-startup-comm... for how to override in your user dir, or find it in the GUI somewhere.
https://launchpad.net/ssh-askpass-keyring is the Ubuntu page
Holy mother of god, can we somehow return to the time when almost nobody used *nix and Microsoft was the one struggling to keep systems of these people secure?
Agent forwarding sharing is a big one though. Getting people to stop doing that automatically takes a lot of education. https://wiki.mozilla.org/Security/Guidelines/OpenSSH#SSH_age...
I almost always log into trusted servers, but it's good to be preemptive ;-)
The result is that with this configuration you would still send id_rsa to unknown hosts.
You also need to add "PubkeyAuthentication no" to your global stanza, and re-enable it for good hosts.
# Ignore ssh-agent keys
# Disable public key authentication
# Send your public key to github only
Or rename the id_* keys to something else. If you're using multiple key pairs, you will want more descriptive names anyway.
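Putting the two comments above together (IdentitiesOnly alone still offers the default id_* files, so PubkeyAuthentication has to be switched off globally and back on per host), here is a complete ~/.ssh/config that implements that. This is an added example, not either commenter's actual config; the hostnames other than github.com and the key filenames are assumptions.

```sshconfig
# ~/.ssh/config (added example; key filenames and bastion.example.com are assumptions)
#
# ssh_config takes the FIRST value found for each option, so the per-host
# blocks must come before the catch-all "Host *" block at the bottom.

# Send exactly one key to GitHub, and nothing else.
Host github.com
    PubkeyAuthentication yes
    IdentitiesOnly yes
    IdentityFile ~/.ssh/github_ed25519

# A trusted host gets its own dedicated key; a compromise of this key
# exposes only this host.
Host bastion.example.com
    PubkeyAuthentication yes
    IdentitiesOnly yes
    IdentityFile ~/.ssh/bastion_ed25519
    # Only forward the agent where you have decided to trust the box.
    ForwardAgent yes

# Defaults for every other host: no public-key attempts at all, so an
# unknown server never sees the public half of any of your keys, and no
# agent forwarding unless a block above turns it on.
Host *
    PubkeyAuthentication no
    IdentitiesOnly yes
    ForwardAgent no
```

To confirm what will actually be offered to a given host, run `ssh -G github.com` (or any other hostname) and check the `pubkeyauthentication`, `identityfile` and `forwardagent` lines of the effective configuration it prints; `ssh -v` shows the "Offering public key" lines during a real connection. Note that IdentityFile directives from every matching block accumulate, so if you also keep an IdentityFile under "Host *" it will be offered to every host that has public-key authentication enabled.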
Ah well, I don't have any default key anyway.
Very cool, people like keep me hooked to HN. Keep it up!
Host first second third fourth
Match Host *.example.com, 192.0.2.*
This is a tiny tutorial I wrote ages ago:
If you have five keys, and the second is the one that's needed, doesn't that mean that only the first two keys are sent?
Anyway, this is very good to know, and I'm going to take action to make this more secure.
Once SSH has run out of keys to try, it tries to move on to other authentication methods. The Go app he has written then automatically accepts the connection at that point, once it knows it has seen all of your keys.
That's an odd definition of "security conscious". This looks more like a key management nightmare.
You're still sending the same default username to every host anyway, so what's the point?
If a key is compromised, it only provides access to a single host, not _all_ of them. This allows much more fine-tuned key management and reduces the scope of a key compromise.
Plus, it's not really that much more work. Just name your key after the host it's for, and then add an IdentityFile directive in your SSH config. I never have to worry about it, and get all the benefits.