vx / connectbot

Enhanced version of the popular ConnectBot SSH and telnet client
http://connectbot.vx.sk
Apache License 2.0

encrypted keys should be offered for authentication too #112

Open chrysn opened 10 years ago

chrysn commented 10 years ago

when connecting to a host that has no particular configuration, not only should in-memory keys be offered, but encrypted ones too. in terms of host configuration, this would be a new option in the "Use pubkey authentication" setting ("use all available keys"), but that setting would much more rarely need changing at all (as the right key would be picked by the server anyway; currently, a key has to be either manually selected or pre-loaded all the time).

implementing this might require tracking the public parts of the encrypted keys in unencrypted form (if that is not already done) and exposes the list of private keys to the server -- but that is common with ssh (ssh on unix does it too, and after all, everyone can claim to have any fingerprint in the offering phase).

this would be especially useful with third party apps that use ssh (e.g. agit), as they don't necessarily have a dedicated configuration for the host, and thus always need the key to be decrypted manually before using it. (in that context, the bug report came up originally; see https://github.com/sheimi/SGit/issues/82).
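
The offering phase this request relies on, as an added example (not ConnectBot's code and not part of the original comment): RFC 4252 lets a client send a signature-less `publickey` request built from the public blob alone, so an encrypted key needs its passphrase only after the server answers `SSH_MSG_USERAUTH_PK_OK`. The store layout, the names `pick_key` and `fake_server`, and the placeholder blobs are assumptions made up for illustration.

```python
import struct
USERAUTH_REQUEST, USERAUTH_FAILURE, USERAUTH_PK_OK = 50, 51, 60  # RFC 4252

def ssh_string(data: bytes) -> bytes:
    return struct.pack(">I", len(data)) + data  # 4-byte big-endian length + bytes

def read_string(buf: bytes, off: int):
    """Read one wire string at off; return (value, next_offset)."""
    end = off + 4 + struct.unpack_from(">I", buf, off)[0]  # struct.error if cut short
    if end > len(buf):
        raise ValueError("truncated string")
    return buf[off + 4:end], end

def pubkey_query(user: bytes, algo: bytes, blob: bytes) -> bytes:
    """Signature-less probe: built from the public blob alone."""
    return (bytes([USERAUTH_REQUEST]) + ssh_string(user)
            + ssh_string(b"ssh-connection") + ssh_string(b"publickey")
            + b"\x00"  # boolean FALSE: no signature follows
            + ssh_string(algo) + ssh_string(blob))

def accepted_blob(reply: bytes):
    """Return the blob named in a PK_OK reply, or None for anything else."""
    if not reply or reply[0] != USERAUTH_PK_OK:
        return None
    _algo, off = read_string(reply, 1)
    return read_string(reply, off)[0]

def pick_key(store, user, send):
    """Offer unlocked keys first, then encrypted ones; unlock only on PK_OK."""
    for key in sorted(store, key=lambda k: k["encrypted"]):
        reply = send(pubkey_query(user, key["algo"], key["blob"]))
        if accepted_blob(reply) == key["blob"]:
            return key["name"], key["encrypted"]  # True: ask for passphrase now
    return None, False

# Constructed sample data: blobs are placeholders, not real key material.
STORE = [{"name": "work", "algo": b"ssh-rsa", "blob": b"BLOB-WORK", "encrypted": True},
         {"name": "temp", "algo": b"ssh-rsa", "blob": b"BLOB-TEMP", "encrypted": False}]

def fake_server(packet: bytes) -> bytes:
    """Hypothetical server that authorizes only BLOB-WORK."""
    off = 1
    for _ in range(3):  # user name, service name, method name
        _, off = read_string(packet, off)
    algo, off = read_string(packet, off + 1)  # skip the boolean
    blob, _ = read_string(packet, off)
    if blob == b"BLOB-WORK":
        return bytes([USERAUTH_PK_OK]) + ssh_string(algo) + ssh_string(blob)
    return bytes([USERAUTH_FAILURE]) + ssh_string(b"publickey") + b"\x00"
```

`pick_key(STORE, b"alice", fake_server)` probes both keys and returns `("work", True)`: the only passphrase prompt is for the key the server has already said it will accept, and every probed blob is visible to the server along the way.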