Change openssh private key order

Christian Weisgerber naddy at
Tue Nov 19 18:00:14 UTC 2019

On 2019-11-07, Mel Pilgrim <list_freebsd at> wrote:

> I have rsa keys and an ed25519 keys.  They're both made available via an 
> ssh-agent.  All keys are in the authorized_keys files of the servers in 
> question except for a few legacy cases that only have the rsa keys due 
> to lacking ed25519 support.
> I want the connections to prefer the ed25519 keys over the rsa keys, but 
> looking at debug output, the RSA keys are always tried first.

The keys are offered to the remote host in the order in which they
are held in ssh-agent.  If you load the Ed25519 key first...

$ ssh-add .ssh/id_ed25519 .ssh/id_rsa

... it will be preferred over the RSA key.

Christian "naddy" Weisgerber                          naddy at

More information about the freebsd-questions mailing list