I have two SSH keys. id_rsa is my normal one with a passphrase, and id_lynx has no passphrase because I want it to be usable in a cron job (the user it logs in as is fairly restricted, don't worry about that), specifically git synchronization. For these background git pushes and pulls, I have set up an SSH host entry in my ~/.ssh/config that specifies id_lynx as the IdentityFile. Also, Xfce starts up gpg-agent with ssh-agent support.

Now when I try to connect via SSH using this host, which only cares about id_lynx, I get a pinentry popup from gpg-agent asking me for the passphrase for id_rsa. If I hit the cancel button, the connection proceeds fine (as it should), but this is obviously not a good final solution, especially for use in a cron job.

If I kill gpg-agent, everything works as expected, but I like having the graphical ssh-agent implementation, except for this one issue.

So, how can I prevent SSH and gpg-agent from trying to get the passphrase for a key it's not going to use?


1 Answer 1


Try using ssh -v (or -vvv) and watch the order the SSH keys are tried. If id_rsa comes first, something went wrong with your ssh_config.

Try using ssh -i /path/to/id_lynx. If this works, check your ssh_config for

IdentityFile <- should be a fully specified path,

IdentitiesOnly yes

man 5 ssh_config says:

         Specifies that ssh(1) should only use the authentication identity
         files configured in the ssh_config files, even if ssh-agent(1) or
         a PKCS11Provider offers more identities.  The argument to this
         keyword must be ``yes'' or ``no''.  This option is intended for
         situations where ssh-agent offers many different identities.  The
         default is ``no''.

That should do the trick. If not, investigate the output of ssh -vvv to see whether your ssh_config is used at all.

  • 1
    Putting IdentitiesOnly yes in the host config block seems to have done the trick. SSH is no longer trying to offer id_rsa in the -vv output. Another problem caused by failing to read the directions closely enough... Commented Jun 29, 2014 at 20:31
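To confirm the fix without reading -vvv output, the effective settings can be checked from what `ssh -G <host>` prints (OpenSSH 6.8 or later). This is an added example, not code from the question or the answer; the host alias `lynx-git`, the function name and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the effective client settings printed by `ssh -G <host>`.
# That output has one lowercased "keyword value" pair per line.

# Reads `ssh -G` output on stdin; $1 is the key file the host should use,
# written exactly as `ssh -G` prints it. Returns 0 only when IdentitiesOnly
# is yes and $1 is the only IdentityFile, so no agent-held key is offered.
# Assumption: key paths contain no whitespace.
audit_identities() {
    awk -v want="$1" '
        $1 == "identitiesonly" { only = $2 }
        $1 == "identityfile"   { if ($2 == want) found = 1; else extra = extra " " $2 }
        END {
            rc = 0
            if (only != "yes") { print "FAIL identitiesonly=" (only == "" ? "unset" : only); rc = 1 }
            if (!found)        { print "FAIL identityfile " want " not configured"; rc = 1 }
            if (extra != "")   { print "FAIL extra identityfile:" extra; rc = 1 }
            if (rc == 0)       { print "OK only " want " will be offered" }
            exit rc
        }'
}

# Constructed sample: abridged `ssh -G lynx-git` output before the fix.
sample_before='hostname git.example.org
identitiesonly no
identityfile ~/.ssh/id_lynx'

# Constructed sample: the same host with IdentitiesOnly yes in its Host block.
sample_after='hostname git.example.org
identitiesonly yes
identityfile ~/.ssh/id_lynx'

printf '%s\n' "$sample_before" | audit_identities '~/.ssh/id_lynx' || true
printf '%s\n' "$sample_after"  | audit_identities '~/.ssh/id_lynx' || true

# Against a real host entry (lynx-git is a hypothetical alias):
#   ssh -G lynx-git | audit_identities '~/.ssh/id_lynx'
```

A non-zero exit makes the check usable as a guard at the top of the cron script, so the job stops before ssh has a chance to trigger a pinentry prompt.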
