Commit 52b8a3a9c65b

Vincent Demeester <vincent@sbr.pm>
2026-01-30 16:43:19
fix(openssh): add identitiesOnly for IP wildcards
Prevents "Too many authentication failures" when SSHing directly to IP addresses by limiting key attempts to the specified identity file. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
1 parent 4d7251f
Changed files (1)
home/common/shell/openssh.nix
@@ -154,6 +154,7 @@ in
           };
           "192.168.1.*" = {
             forwardAgent = true;
+            identitiesOnly = true;
             identityFile = lib.mkIf hasFido2Keys "~/.ssh/id_homelab_sk";
             extraOptions = {
               StrictHostKeyChecking = "no";
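Review bot: `identitiesOnly = true;` is set unconditionally, while the `identityFile` on the next line only exists when `hasFido2Keys` is true. On a machine without FIDO2 keys, ssh would be limited to the default identity files and would stop offering agent keys to these hosts, unless another matching block supplies an IdentityFile. Tying both to the same condition, `identitiesOnly = hasFido2Keys;`, keeps the previous behaviour there; the same applies to the `"10.100.0.*"` block in the second hunk. A short comment would also help, noting that IdentitiesOnly only narrows which keys are offered for authentication: `forwardAgent = true` still makes the whole agent usable from the remote host, and this block pairs that with `StrictHostKeyChecking = "no"`. The match block continues past the end of the hunk.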
@@ -162,6 +163,7 @@ in
           };
           "10.100.0.*" = {
             forwardAgent = true;
+            identitiesOnly = true;
             identityFile = lib.mkIf hasFido2Keys "~/.ssh/id_homelab_sk";
           };
         }