I wonder if the way ssh behaves is sane in the following situation. I have ssh-agent running and there is a number of keys added to it. Then I run ssh -i foo bar and what I see is that ssh first tries the keys from the agent rather than foo. But in this case I get "Too many authentication failures" before the explicit key is even tried. if I unset SSH_AGENT_PID and SSH_AUTH_SOCK then everything is okay, obviously. Redacted output of ssh -vv: debug2: key: /home/avg/.ssh/id_dsa (0x8038163c0), debug2: key: /home/avg/.ssh/id_dsa_xxx (0x803816440), debug2: key: /home/avg/.ssh/id_dsa_yyy (0x8038164c0), debug2: key: /home/avg/.ssh/zzz (0x803816540), debug2: key: /home/avg/.ssh/vvv (0x8038165c0), debug2: key: /home/avg/.ssh/www (0x803816640), debug2: key: /usr/local/lib/ruby/gems/2.0/gems/vagrant-1.6.5/keys/vagrant (0x803816100), explicit debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password debug1: Next authentication method: publickey debug1: Offering DSA public key: /home/avg/.ssh/id_dsa ... debug1: Offering RSA public key: /home/avg/.ssh/www debug2: we sent a publickey packet, wait for reply Received disconnect from x.x.x.x: 2: Too many authentication failures for avg
I suggest raising this issue with the OpenSSH developers, after verifying that it still applies to the latest version (available from ports).