nisse@lysator.liu.se (Niels Möller) writes:
Oh. I'm not sure if that works though. You can defer the passphrase prompt until lsh wants to use the private keys, but if I recall correctly, with SSH you don't know which private key to use anyway, so you have to decrypt them all and try them in order.
You're not recalling all the details ;-)
The ssh userauth protocol allows you to send a publickey, *without* any signature, and the server will tell you if the key + signature would be accepted. The way lsh uses that, it sends such requests for all known keys (and one can send the requests back-to-back, without having to wait a network roundtrip per key), and then it creates and sends a signature for the first key which the server says it will accept.
It's just a question of getting the public key first, without decrypting the corresponding private key upfront.
Ah, nice. I don't think libssh2 implements this idea, so that's why I missed it. Not even sure OpenSSH does, I recall having to unlock my smartcard even though I had a private key on disk that would have worked (although in that case, the smartcard key would also work, so maybe when faced with multiple working keys, OpenSSH prefered my smartcard key).
/Simon