Hi again,

On 23.08.2016 at 11:29, Peter Lebbing wrote:
> Hmmmmm. I use both a smartcard and an encrypted on-disk key, and am
> never prompted for a passphrase for a key that isn't listed in
> authorized_keys.

Ok, it was my mistake. Looking through the verbose output of the SSH client, I realized that I'm using a jump host, which still had my other public keys in authorized_keys, so I was being asked for the appropriate passphrase. Removing them fixed this.

However, there is still something that bothers me. The client offers the disk-based keys first (id_rsa, id_ed25519, etc.). This is not a problem in case only the smartcard's key is stored in authorized_keys, but as soon as I put a fallback key there, it is being offered first and I'm asked for the passphrase.

Can I somehow control the order in which the client presents its keys to the server? Is this something the agent controls, or the SSH client itself?

Thanks again for your help, it is very much appreciated.

Best regards,
Karol Babioch

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users