I tried to configure split-ssh according to the tutorial on qubes pages,
in its simple version (just agent, but no keepass integration). But now
ssh offers *all* my private keys to *all* servers, which is odd, but
more annoying, it usually breaks connections after 3 "false" public keys
...
Clearly, I did something wrong, but I do not understand well-enough what
I should change. Did some have/solve this problem already or have a
hint for me, please? Thank you!
I dont think you did anything wrong.
I think what you are looking for is something like my split-ssh-agent -
This allows you to have multiple keys, allocated as you will between different
agents on the ssh back-end.
From each calling qube, you specify (in policy) what agent should be
called, and this is passed through to the ssh back-end to serve up the
appropriate keys.
You can find it at GitHub - unman/qubes-ssh-agent or a
packaged version for easy installation at https://qubes.3isec.org/tasks.html
If you dont use it, it should give you one idea of how you might go on.