On Tue, 8 Nov 2022 at 14:23, Joerg Sonnenberger <jo...@bec.de> wrote:
> On Tue, Nov 08, 2022 at 01:23:52PM +1100, Darren Tucker wrote:
[...]
> > Not quite: the default value for IdentityFile has RSA before ED25519.
[...]
> I tried that first and it picked up id_ed25519 from the agent, even if
> both keys are accepted by the server.

It prefers keys present in the agent as those don't require entering a
passphrase. It'll also prefer keys explicitly specified by the user on
the command line since that demonstrates user intent. And the behaviour
is also modified by IdentitiesOnly.

> I guess that makes the answer a case of "it's complicated".

It is. And IdentityFile works differently to most other options (it's
cumulative, not first-match) which was probably a mistake, but we're
kind of stuck with it.

-- 
Darren Tucker (dtucker at dtucker.net)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new)
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
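
The difference described above between IdentityFile (cumulative) and ordinary first-match options can be checked locally with `ssh -G`, which prints the resolved client configuration without connecting. This is an added example, not part of the original message; the host name, user names and key paths are constructed.

```shell
#!/bin/sh
# Added example: show that IdentityFile accumulates across matching Host
# blocks while User keeps only the first match. All names are constructed.

# Write a constructed client config to a temp file and print its path.
# The key files need not exist: `ssh -G` only resolves options.
make_demo_config() {
    cfg=$(mktemp) || return 1
    cat > "$cfg" <<'EOF'
Host demo
    User alice
    IdentityFile /tmp/demo-keys/id_ed25519
Host *
    User bob
    IdentityFile /tmp/demo-keys/id_rsa
EOF
    printf '%s\n' "$cfg"
}

# Print every resolved value of one option (lower-case name) for a host.
# usage: resolved <config> <host> <option>
resolved() {
    ssh -F "$1" -G "$2" | awk -v k="$3" '$1 == k { print $2 }'
}

demo() {
    cfg=$(make_demo_config) || return 1
    echo "user (first match only):"
    resolved "$cfg" demo user
    echo "identityfile (every matching block contributes, in file order):"
    resolved "$cfg" demo identityfile
    rm -f "$cfg"
}

# Run the demo only when an ssh client is installed.
if command -v ssh >/dev/null 2>&1; then demo; fi
```

Running the same `ssh -G <host>` against a real configuration lists the key files configured for that host; it does not show keys held by the agent.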