karl.peterson@xxxxxxxxx wrote:
> Why is the client's public key needed to connect to a server?

It isn't strictly needed if the connection does succeed in some cases.

> Why doesn't the client present the requested identity first if the
> public key is not present?

I guess that this is more by accident than anything else, but I agree that it would be desirable to have the client behave the same in both cases. It is both an unnecessary information leak and a potential usability issue (as in your case).

For now you can use 'IdentitiesOnly yes' in .ssh/config to tell ssh (thus also sftp) to only offer the explicitly configured identities.

> Additionally, why is the public key portion of the private key file
> encrypted by the passphrase?

The public key isn't stored in the private key file, it is mathematically derived from the decrypted private key.

//Peter
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
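
The following is an added example, not part of the original message and not OpenSSH code: a small audit that lists the hosts in an ssh_config file that set an IdentityFile but do not end up with 'IdentitiesOnly yes', so the client may still offer other identities to them. It assumes a simplified reading of the file (Host blocks only, Match and Include are not evaluated), and the sample config, host names and key paths are constructed.

```python
import fnmatch
import re

# Constructed sample config (hosts and key paths are made up).
SAMPLE_CONFIG = """\
Host sftp.example.org
    IdentityFile ~/.ssh/id_sftp
Host build.example.org
    IdentityFile ~/.ssh/id_build
    IdentitiesOnly yes
Host *
    ServerAliveInterval 30
"""

def parse_blocks(text):
    """Return [(host_patterns, {keyword: [values]})]; options before any Host go under '*'."""
    blocks = [(["*"], {})]
    for raw in text.splitlines():
        m = re.match(r"([A-Za-z]+)\s*=?\s*(.*)$", raw.strip())
        if not m:  # blank line or comment
            continue
        key, value = m.group(1).lower(), m.group(2).strip().strip('"')
        if key == "host":
            blocks.append((value.split(), {}))
        else:
            blocks[-1][1].setdefault(key, []).append(value)
    return blocks

def block_matches(patterns, host):
    """A block applies if a pattern matches and no negated (!) pattern does."""
    neg = [p[1:] for p in patterns if p.startswith("!")]
    pos = [p for p in patterns if not p.startswith("!")]
    hit = lambda ps: any(fnmatch.fnmatchcase(host, p) for p in ps)
    return hit(pos) and not hit(neg)

def audit(text):
    """Hosts that set IdentityFile but would still offer other identities."""
    blocks = parse_blocks(text)
    names = [p for pats, _ in blocks for p in pats if not re.search(r"[*?!]", p)]
    findings = []
    for host in dict.fromkeys(names):  # de-duplicate, keep order
        only, files = None, []
        for pats, opts in blocks:
            if block_matches(pats, host):
                if only is None and "identitiesonly" in opts:
                    only = opts["identitiesonly"][0].lower()  # first obtained value wins
                files += opts.get("identityfile", [])
        if files and only != "yes":  # IdentitiesOnly defaults to "no"
            findings.append(host)
    return findings
```

Calling `audit(SAMPLE_CONFIG)` reports only `sftp.example.org`; placing `IdentitiesOnly yes` before the first Host line clears the finding for every host.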