On Sun, 20 Oct 2019, Ted Unangst wrote:

> I have two OpenBSD machines, let's call them laptop and desktop. desktop is a
> bit older, and has a ecdsa-sha2-nistp256 key in .ssh/authorized_keys. laptop
> is configured with a ssh-ed25519 .ssh/id_ed25519 key file. The keyfile has a
> password and I use ssh-agent and ssh-add to unlock it.
>
> What happens: I ssh from laptop to desktop and ssh asks for the id_ed25519
> password. This doesn't accomplish much, since it isn't authorized on desktop
> anyway.
>
> Expected: If the key doesn't work, I should be asked for the remote system
> password, not the key password. The key has already been unlocked via ssh-add.
>
> Theory: ssh tries the key, doesn't work, then gets confused when it goes back
> into the .ssh for more options and asks to unlock a key it's already seen.
>
> I think this is a regression, I've had similar setup for ages and never
> noticed this before.

Could you send the output of "ssh -vvv desktop" from the laptop side? Also, what are the permissions for ~/.ssh/id_ed25519*?