I have a question about SK keys when there are more than 6 keys in the agent. If I have added an SK key as resident to a hardware token, using the -O resident option with ssh-keygen(1), then the -K option with ssh-add(1) will get the resident key later from the token and store it in the agent. $ ssh-add -K With six or fewer keys in the agent, assuming default MaxAuthTries in the server, it is then only a matter of having the SSH client use the agent and the right key will be found. However, with many keys already in the agent, the key has to be specified explicitly or the 'wrong' keys will get tried first. I'd like to point the client directly to the resident key without first extracting the resident key and saving it to the file system. How may I tell the SSH client which key to use without a file on disk? $ ssh-add -l | awk '{print $1, $NF}' 256 (ED25519) 256 (ED25519) 2048 (RSA) 256 (ED25519) 256 (ED25519) 256 (ED25519) 4096 (RSA) 4096 (RSA) 4096 (RSA) 256 (ED25519) 256 (ECDSA-SK) 256 (ECDSA-SK) 256 (ECDSA-SK) 256 (ECDSA-SK) 256 (ECDSA-SK) 256 (ECDSA-SK) 256 (ED25519) 256 (ECDSA-SK) 256 (ED25519-SK) /Lars _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev