grey-area 8 hours ago

Doesn’t it try one key at a time rather than send all?

bauruine 7 hours ago | parent | next [-]

True, but a server that wants to "deanonymize" you can just reject each key till he has all the default keys and the ones you added to your ssh agent.

You can try it yourself [0]; it returns all the keys you send and even shows you your github username if one of the keys is used there.

[0] ssh whoami.filippo.io

grey-area 6 hours ago | parent [-]

Nice, tried it out. This wording is incorrect though:

"Did you know that ssh sends all your public keys to any server it tries to authenticate to?"

It should be "may send", because in the majority of cases it does not in fact send all your public keys.

rwmj 5 hours ago | parent | prev | next [-]

Modern sshd limits the number of retries. I have 5 or 6 keys and end up DoSing myself sometimes.

grepfru_it 2 hours ago | parent [-]

This thread made me realize why fail2ban keeps banning me after one failed password entry :lightbulb:

unsnap_biceps 8 hours ago | parent | prev [-]

It does, and there's typically a maximum number of attempts (MaxAuthTries defaults to 6 IIRC) before the server just rejects the connection attempt.

84634E1A607A 7 hours ago | parent [-]

Yep, but this is a server-side setting. Were I a sniffer, I would set this to 10000 and now I can correlate keys.
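
Added example, not part of the thread and not written by any commenter: a simplified Python model of the one-key-per-attempt exchange discussed above, showing how many public keys a server sees depending on what it accepts and on its MaxAuthTries value. The key names and the `offer_keys` helper are constructed for illustration; the last case assumes a client restricted to a single key (for instance with OpenSSH's `IdentitiesOnly` option, which the thread does not mention).

```python
# Simplified model of SSH "publickey" authentication: the client offers one
# public key per attempt, and the server accepts or rejects each offer.
# Key names and server policies are constructed for illustration.

def offer_keys(client_keys, server_accepts, max_auth_tries=6):
    """Return (authenticated, keys_seen_by_server)."""
    seen = []
    failures = 0
    for key in client_keys:
        seen.append(key)               # the server learns this public key
        if key in server_accepts:
            return True, seen          # client stops offering after success
        failures += 1
        if failures >= max_auth_tries:
            break                      # server ends the connection
    return False, seen

# Constructed agent contents, in the order the client would offer them.
AGENT_KEYS = ["work", "github", "personal", "old-laptop", "ci", "backup", "lab"]

def scenarios():
    return {
        # Ordinary server that accepts an early key: only two keys disclosed.
        "accepts_github": offer_keys(AGENT_KEYS, {"github"}),
        # Server rejects everything, default limit: six of seven keys seen.
        "rejects_all_default": offer_keys(AGENT_KEYS, set()),
        # The limit is server-controlled, so a high value exposes every key.
        "rejects_all_high_limit": offer_keys(AGENT_KEYS, set(), 10000),
        # Valid key offered seventh: the limit is hit first (self-inflicted lockout).
        "valid_key_offered_late": offer_keys(AGENT_KEYS, {"lab"}),
        # Client restricted to the one key meant for this host.
        "single_key_client": offer_keys(["github"], set(), 10000),
    }

if __name__ == "__main__":
    for name, (ok, seen) in scenarios().items():
        print(f"{name:24} authenticated={ok!s:5} keys_seen={len(seen)} {seen}")
```
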