SSH agent prompts for all passphrases

Karol Babioch karol at
Tue Aug 23 11:51:33 CEST 2016

Hi again,

Am 23.08.2016 um 11:29 schrieb Peter Lebbing:
> Hmmmmm. I use both a smartcard and an encrypted on-disk key, and am
> never prompted for a passphrase for a key that isn't listed in
> authorized_keys.

Ok, it was my mistake. Looking through the verbose output of the SSH
client, I realized that I'm using a jump host, which still had my other
public keys in authorized_keys, so I was being asked for the appropriate
passphrase. Removing them fixed this.

However, there is still something that bothers me. The client offers the
disk-based keys first (id_rsa, id_ed25519, etc.). This is not a problem
in case only the smartcard's key is stored in authorized_keys, but as
soon as I put a fallback key there, it is being offered first and I'm
asked for the passphrase.

Can I somehow control the order in which the client presents its keys to
the server? Is this something the agent controls, or the SSH client itself?

Thanks again for your help, it is very much appreciated.

Best regards,
Karol Babioch

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20160823/321f1da1/attachment-0001.sig>

More information about the Gnupg-users mailing list