On Tue, Nov 08, 2022 at 01:23:52PM +1100, Darren Tucker wrote:
> On Tue, 8 Nov 2022 at 11:05, Joerg Sonnenberger <jo...@bec.de> wrote:
> > On Mon, Nov 07, 2022 at 12:53:43PM +0100, Renaud Allard wrote:
> [...]
> > > Wouldn't it also be a good idea for ssh client to also try the ed25519 key
> > > first if there are multiple keys?
> >
> > That's already happening.
>
> Not quite: the default value for IdentityFile has RSA before ED25519.
> Changing the default order is a potentially disruptive change, though,
> as configs that previously worked may hit MaxAuthTries instead.
>
>      IdentityFile
>              [...] The default is ~/.ssh/id_rsa,
>              ~/.ssh/id_ecdsa, ~/.ssh/id_ecdsa_sk, ~/.ssh/id_ed25519,
>              ~/.ssh/id_ed25519_sk and ~/.ssh/id_dsa.
>
> $ SSH_AUTH_SOCK= ssh -F/dev/null localhost
> Enter passphrase for key '/home/dtucker/.ssh/id_rsa':
> Enter passphrase for key '/home/dtucker/.ssh/id_ecdsa':
> Enter passphrase for key '/home/dtucker/.ssh/id_ed25519':

I tried that first and it picked up id_ed25519 from the agent, even if
both keys are accepted by the server. I guess that makes the answer a
case of "it's complicated".

Joerg
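
The IdentityFile order quoted in the message above can be checked against a host's effective client configuration. The following is an added example, not part of the original thread or of OpenSSH: it reads the lowercase `identityfile` lines that `ssh -G <host>` prints and reports where id_ed25519 sits relative to id_rsa. The function names and the sample input are constructed for illustration, and keys offered by an agent are outside what it inspects.

```shell
# Added example; helper names and sample data are hypothetical.
# Constructed sample: identityfile lines in the default order quoted above,
# in the "keyword value" form that `ssh -G <host>` prints.
sample_ssh_G='user dtucker
hostname localhost
identityfile ~/.ssh/id_rsa
identityfile ~/.ssh/id_ecdsa
identityfile ~/.ssh/id_ecdsa_sk
identityfile ~/.ssh/id_ed25519
identityfile ~/.ssh/id_ed25519_sk
identityfile ~/.ssh/id_dsa'

# Print "position path" for every identityfile line on stdin, in config order.
# Assumption: paths contain no whitespace.
identity_order() {
    awk '$1 == "identityfile" { n++; print n, $2 }'
}

# Print the 1-based position of the identity file whose basename is $1,
# or 0 when it is not listed.
identity_rank() {
    identity_order | awk -v want="$1" '
        { n = split($2, parts, "/"); if (parts[n] == want && !hit) hit = $1 }
        END { print hit + 0 }'
}

# Succeed when id_ed25519 is listed and comes before id_rsa (or id_rsa is absent).
ed25519_before_rsa() {
    cfg=$(cat)
    ed=$(printf '%s\n' "$cfg" | identity_rank id_ed25519)
    rsa=$(printf '%s\n' "$cfg" | identity_rank id_rsa)
    [ "$ed" -gt 0 ] && { [ "$rsa" -eq 0 ] || [ "$ed" -lt "$rsa" ]; }
}

# With the constructed default order, this prints: ed25519=4 rsa=1
printf 'ed25519=%s rsa=%s\n' \
    "$(printf '%s\n' "$sample_ssh_G" | identity_rank id_ed25519)" \
    "$(printf '%s\n' "$sample_ssh_G" | identity_rank id_rsa)"
```

Against a real host, pipe `ssh -G <host>` into `identity_order` or `ed25519_before_rsa` instead of the sample.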