On Tue, 8 Nov 2022 at 11:05, Joerg Sonnenberger <jo...@bec.de> wrote:
> On Mon, Nov 07, 2022 at 12:53:43PM +0100, Renaud Allard wrote:
[...]
> > Wouldn't it also be a good idea for ssh client to also try the ed25519 key
> > first if there are multiple keys?
>
> That's already happening.

Not quite: the default value for IdentityFile has RSA before ED25519.
Changing the default order is a potentially disruptive change, though,
as configs that previously worked may hit MaxAuthTries instead.

     IdentityFile
[...]
             The default is ~/.ssh/id_rsa, ~/.ssh/id_ecdsa, ~/.ssh/id_ecdsa_sk,
             ~/.ssh/id_ed25519, ~/.ssh/id_ed25519_sk and ~/.ssh/id_dsa.

$ SSH_AUTH_SOCK= ssh -F/dev/null localhost
Enter passphrase for key '/home/dtucker/.ssh/id_rsa':
Enter passphrase for key '/home/dtucker/.ssh/id_ecdsa':
Enter passphrase for key '/home/dtucker/.ssh/id_ed25519':

-- 
Darren Tucker (dtucker at dtucker.net)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new)
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
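
The ordering described in the message above, as an added example that is not part of the original post or of OpenSSH: shell functions that list which default identity files exist in a directory, in the quoted default order, and check whether a given key is reached within an attempt budget. The function names, the budget parameter and the one-attempt-per-earlier-key model are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Default IdentityFile order, copied from the ssh_config(5)
# excerpt quoted in the message above.
DEFAULT_IDENTITIES="id_rsa id_ecdsa id_ecdsa_sk id_ed25519 id_ed25519_sk id_dsa"

# Print, one per line, the default identity files present in directory $1,
# in the order the quoted default lists them.
identity_order() {
    dir=$1
    for name in $DEFAULT_IDENTITIES; do
        [ -f "$dir/$name" ] && printf '%s\n' "$name"
    done
    return 0
}

# Print the 1-based position of key name $2 in that order, or 0 if the
# file is not present in directory $1.
identity_position() {
    pos=0
    i=0
    for name in $(identity_order "$1"); do
        i=$((i + 1))
        [ "$name" = "$2" ] && pos=$i
    done
    printf '%s\n' "$pos"
}

# Succeed if key $2 is reached within $3 attempts. $3 is a hypothetical
# budget (for instance the server's MaxAuthTries); the model assumes every
# earlier key in the list consumes one attempt.
within_budget() {
    pos=$(identity_position "$1" "$2")
    [ "$pos" -gt 0 ] && [ "$pos" -le "$3" ]
}
```

For example, `identity_order "$HOME/.ssh"` shows the order for the current user, and `within_budget "$HOME/.ssh" id_ed25519 3` reports through its exit status whether id_ed25519 falls within three attempts under that model.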