SSH Agent breaks username/password SSH Authentication

I have exactly the same situation, I helped myself creating a short Alias not sure if this is doable on MAC but should be.

alias sshp='ssh -o PreferredAuthentications=password -o PubkeyAuthentication=no $0'

so if I want to connect to Password only hosts (in my case random switches) I use sshp mailto:manager@10.10.10.10

How keys are matched with hosts happens on the SSH client side, rather than the SSH agent side. If your hosts are dynamic, here are some tricks that might help you:

If there is a common static part in the hosts, like a domain, you can use a wildcard * in your SSH config:

Host *.mydomain.com
PreferredAuthentications password


Or if you're always connecting to these hosts using a certain script, you can add the option inline:

ssh -o 'PreferredAuthentications=password' user@host


floris_1P

I deleted a few unused keys and I'm back in business. Thank you for your answer. I'm connecting to a variety of hosts with a variety of settings so I can't simply preset PreferredAuthentications for all the random hosts I come across all the time...

Is there any way for the 1Password agent to know what host the keys should be used on?

You're getting this error because ssh first tries to authenticate with every key you have in the agent, and only then falls back to username/password authentication method. But also: the default SSH server configuration states that you only have 6 authentication tries in total, which can be a problem if you have too many keys in the agent.

The good news is that you can control which authentication mechanism gets used first, using the PreferredAuthentications SSH config directive. For example, if certain hosts only support username/password auth, you can disable publickey authentication for these hosts and have them only use password authentication:


Host somehost
PreferredAuthentications password