To: FreeBSD Mailing List
From: Mel Pilgrim
Subject: Change openssh private key order
Message-ID: <373c4623-d68b-7097-c532-288089df770a@bluerosetech.com>
Date: Thu, 7 Nov 2019 12:03:08 -0800

I have RSA keys and ed25519 keys. They're both made available via an ssh-agent. All keys are in the authorized_keys files of the servers in question except for a few legacy cases that only have the RSA keys due to lacking ed25519 support.

I want the connections to prefer the ed25519 keys over the RSA keys, but looking at debug output, the RSA keys are always tried first.

Is it possible to change the order of precedence for private keys? If so, what option do I set?