On Tue, 8 Nov 2022 at 14:23, Joerg Sonnenberger <jo...@bec.de> wrote:
> Am Tue, Nov 08, 2022 at 01:23:52PM +1100 schrieb Darren Tucker:
[...]
> > Not quite: the default value for IdentityFile has RSA before ED25519.
[...]
> I tried that first and it picked up id_ed25519 from the agent, even if
> both keys are accepted by the server.
It prefers keys present in the agent as those don't require entering a
passphrase. It'll also prefer keys explicitly specified by the user
on the command line since that demonstrates user intent. And the
behaviour is also modified by IdentitiesOnly.
> I guess that makes the answer a case of "it's complicated".
It is. And IdentityFile works differently to most other options (it's
cumulative, not first-match) which was probably a mistake, but we're
kind of stuck with it.
--
Darren Tucker (dtucker at dtucker.net)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new)
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
