Forum Discussion
stoutZero
3 months ago · New Contributor
1Password ssh agent & ssh key on disk
Hi, I have enabled the 1Password ssh agent, and checked that the 1Password Touch ID prompt is showing up & working when I connected to a different machine via ssh. *Tangent: Why is pasting in this tex...
- 3 months ago
Hey stoutZero, you can in fact use `IdentitiesOnly yes` + `IdentityFile` with the 1Password SSH agent, but then point `IdentityFile` to the public key instead of the private key. The private key can be stored in 1Password with only the .pub file on disk.
stoutZero
3 months ago · New Contributor
After emailing 1Password's support, Juraj Stolc (CX Technical Representative) told me that the `IdentitiesOnly yes` in my local ssh config is preventing me from deleting my local ssh keys.
I then have to remove the `IdentityFile` key for each host.
But the point of having `IdentityFile` for each host is so that:
- No single ssh key leak will expose all of my remote machines to attackers
- Enables the SSH agent to offer just a single ssh key to a single remote machine
I tried removing `IdentitiesOnly` & `IdentityFile` for a single VPS in a different country.
The result? `fail2ban` on that VPS blocked my IP because 1Password tried to offer all 70+ of my SSH keys.
I have had to remove the blacklist via a web based console, which is not a pleasant experience.
Disclaimer:
This is not me disparaging the use of 1Password's ssh agent, if it works for you go for it :)
For me, I have had to keep 60+ ssh keys for my clients' machines, including bare metal ones, because they don't have a password manager (and because they're not devops people). And another 10 ssh keys for my own machines.
I don't actually have 70 machines that I manage on a daily basis. The fact that 1Password's ssh agent cannot perfectly replicate this configuration in my local ssh config:

```
# connect using: `ssh file1` in your terminal
Host file1
    User user1
    HostName 10.90.1.1
    Port 22
    IdentityFile ~/.ssh/keys/user1@file1

# connect using: `ssh file12` in your terminal
Host file12
    User user2
    HostName 10.90.1.1
    Port 22
    IdentityFile ~/.ssh/keys/user2@file1
```

is a deal breaker for me.
Anyway, thank you 1P_Phil & Juraj Stolc for your replies
Cya.
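As an added example (not code from the thread or from 1Password), here is stoutZero's config adapted to the 1Password agent the way the reply above describes: each host keeps `IdentitiesOnly yes` and an `IdentityFile` that points at the `.pub` file, so ssh offers exactly one key per host instead of every key the agent holds. It assumes the agent socket is at `~/.1password/agent.sock` (macOS/Linux; the path differs on Windows) and that `~/.ssh/keys/` holds only the public halves exported from 1Password.

```sshconfig
# Added example, not part of the original thread. Assumes the 1Password
# agent socket lives at ~/.1password/agent.sock and that only .pub files
# remain under ~/.ssh/keys/ (private keys stay inside 1Password).

# Send every host's key requests to the 1Password agent.
Host *
    IdentityAgent ~/.1password/agent.sock

# BEFORE (constructed host, what triggered the fail2ban ban in the thread):
# with no IdentitiesOnly/IdentityFile, ssh offers every key the agent has,
# one authentication attempt each. sshd stops after MaxAuthTries (default 6)
# and fail2ban counts the failures against the client IP.
# Host vps
#     HostName 203.0.113.10
#     User deploy

# AFTER: IdentityFile names the PUBLIC key. ssh(1) loads the public key from
# the file and asks the agent for the matching private key; IdentitiesOnly
# stops it from offering anything else, so the server sees one attempt.
Host file1
    User user1
    HostName 10.90.1.1
    Port 22
    IdentitiesOnly yes
    IdentityFile ~/.ssh/keys/user1@file1.pub

Host file12
    User user2
    HostName 10.90.1.1
    Port 22
    IdentitiesOnly yes
    IdentityFile ~/.ssh/keys/user2@file1.pub
```

To confirm only one key is offered, run `ssh -v file1 2>&1 | grep 'Offering public key'` and expect a single line; `ssh-add -L` (with `SSH_AUTH_SOCK` pointed at the same socket) lists which public keys the 1Password agent can serve, which should include the one in the `.pub` file before you delete the on-disk private key.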