maxgoedjen / secretive

Store SSH keys in the Secure Enclave
MIT License
7.16k stars, 157 forks

Secretive keys pre-empting configured keys for host #465

Closed by rgov 1 year ago

rgov commented 1 year ago

I connect to a host that requires an RSA key. For this host, I have an RSA key on disk and I manually configure it in my SSH config:

Host zombo.com
    User root
    IdentityFile ~/.ssh/zombo

During connection, though, SSH seems to attempt to use Secretive's keys first:

debug2: get_agent_identities: ssh_agent_bind_hostkey: agent refused operation
debug1: get_agent_identities: agent returned 2 keys
debug1: Will attempt key: ecdsa-sha2-nistp256 ECDSA SHA256:abcdef agent
debug1: Will attempt key: ecdsa-sha2-nistp256 ECDSA SHA256:ghijkl agent
debug1: Will attempt key: /Users/rgov/.ssh/zombo RSA SHA256:asdfas explicit

It then proceeds to try Secretive key 1, then 2, then the server hangs up because there have been too many attempts. So it never gets to the RSA key I specifically configured for this host.

Is it possible to override this behavior?

delfuego commented 1 year ago

@rgov You just need to add IdentitiesOnly yes to your Host zombo.com stanza, so that ssh doesn't cycle through all your keys but instead only attempts to use the one you've configured as your IdentityFile.
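
An added example, not part of the thread or of Secretive's code: a small Python check that reads the "Will attempt key" lines of ssh -v output and reports whether the IdentityFile key is offered before the server stops accepting attempts. The function names and the attempt limit of 2 are assumptions; the limit is inferred from the report that the server hung up after the second key, and the second log is a constructed sample.

```python
FLAGS = {"explicit", "agent", "token"}  # trailing markers ssh prints per key

# The relevant lines from the debug output quoted in this thread.
LOG_FROM_THREAD = """\
debug1: get_agent_identities: agent returned 2 keys
debug1: Will attempt key: ecdsa-sha2-nistp256 ECDSA SHA256:abcdef agent
debug1: Will attempt key: ecdsa-sha2-nistp256 ECDSA SHA256:ghijkl agent
debug1: Will attempt key: /Users/rgov/.ssh/zombo RSA SHA256:asdfas explicit
"""

# Constructed sample (not from the thread): the list with IdentitiesOnly yes.
LOG_IDENTITIES_ONLY = """\
debug1: Will attempt key: /Users/rgov/.ssh/zombo RSA SHA256:asdfas explicit
"""

def parse_attempts(debug_output):
    """Return the keys ssh plans to offer, in order, from `ssh -v` output."""
    attempts = []
    for line in debug_output.splitlines():
        _, found, rest = line.partition("Will attempt key: ")
        if not found:
            continue
        tokens = rest.split()
        flags = set()
        while tokens and tokens[-1] in FLAGS:
            flags.add(tokens.pop())
        attempts.append({"key": " ".join(tokens), "flags": flags})
    return attempts

def diagnose(debug_output, server_attempt_limit):
    """Report whether the IdentityFile key is offered before the server gives up.

    server_attempt_limit is an assumption supplied by the caller (on OpenSSH
    servers it is sshd_config's MaxAuthTries); the client log does not show it.
    """
    attempts = parse_attempts(debug_output)
    position = next((i for i, a in enumerate(attempts, 1)
                     if "explicit" in a["flags"]), None)
    ahead = attempts if position is None else attempts[:position - 1]
    return {
        "explicit_position": position,
        "agent_keys_ahead": sum("agent" in a["flags"] for a in ahead),
        "reachable": position is not None and position <= server_attempt_limit,
    }

if __name__ == "__main__":
    for name, log in (("thread log", LOG_FROM_THREAD),
                      ("IdentitiesOnly yes", LOG_IDENTITIES_ONLY)):
        print(name, diagnose(log, server_attempt_limit=2))
```

Feeding it the output of ssh -v for a host shows how many agent keys sit ahead of the configured one, which is the count to compare against the server's limit.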

rgov commented 1 year ago

Nice! Thanks.