@ -1150,7 +1144,6 @@ Paste the following text into a terminal window to create a [recommended](https:
default-cache-ttl 60
max-cache-ttl 120
write-env-file
use-standard-socket
EOF
If you are using Linux on the desktop, you may want to use `/usr/bin/pinentry-gnome3` to use a GUI manager. For macOS, try `brew install pinentry-mac`, and adjust the `pinentry-program` setting to suit.
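Review bot: `write-env-file` and `use-standard-socket` in the heredoc are obsolete on GnuPG 2.1 and later, where the standard socket is always used, so whichever of the two this hunk keeps should either be dropped from the recommended config or carry a note on which GnuPG versions still need it. In the paragraph after `EOF`, "to use a GUI manager" would be clearer as "for a graphical PIN prompt", and the macOS hint should state what `pinentry-program` has to be set to after `brew install pinentry-mac`.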
@ -1162,7 +1155,7 @@ If you are using Linux on the desktop, you may want to use `/usr/bin/pinentry-gn
Depending on how your environment is set up, you might need to add these to your shell `rc` file:
There is a `-L` option of `ssh-add` that lists public key parameters of all identities currently represented by the agent. Copy and paste the following output to the server authorized_keys file:
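Review bot: in the `ssh-add` sentence, "Copy and paste the following output to the server authorized_keys file" leaves open whether the file is replaced or extended, and `authorized_keys` lacks the backticks used for every other file and command in this section. Suggest something like "`ssh-add -L` lists the public keys of all identities the agent holds; append its output to the server's `authorized_keys` file". The shell `rc` sentence above it would also be easier to follow if it named the files it means.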
@ -1180,6 +1172,21 @@ There is a `-L` option of `ssh-add` that lists public key parameters of all iden
#### (Optional) Save public key for identity file configuration
If `IdentitiesOnly yes` is used in your `.ssh/config` (for example [to avoid being fingerprinted by untrusted ssh servers](https://blog.filippo.io/ssh-whoami-filippo-io/)), `ssh` will not automatically enumerate public keys loaded into `ssh-agent` or `gpg-agent`. This means `publickey` authentication will not proceed unless explicitly named by `ssh -i [identity_file]` or in `.ssh/config` on a per-host basis.
In the case of Yubikey usage, you do not have access to the private key, and `identity_file` can be pointed to the public key (`.pub`).
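Review bot: the last line says `identity_file` "can be pointed to the public key (`.pub`)" without saying why that works, which is the step readers will stumble on. ssh uses the public key file only to select the matching key held by the agent, and the signature is still produced on the card; one sentence to that effect would close the gap. Also spell the product "YubiKey", and write the config path as `~/.ssh/config` in both places so it is unambiguous which file is meant.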