* New script `bin/add-ssh-keys' to load keys into the SSH agent in the
right order, so that it prefers
Ed25519 over RSA.
* Don't use the `gnome-keyring' SSH agent, because it doesn't
implement modern cryptography. Because the Gnome developers have
more important things to screw up.
--- /dev/null
+#! /bin/sh -e
+
+## An ugly hack: figure out the available SSH keys and feed them to the agent
+## in preference order, because the default order is wrong and there doesn't
+## seem to be any other way to fix this.
+unset ff
+for k in id_ed25519 id_rsa id_ecdsa id_dsa id_identity; do
+ if [ -f $HOME/.ssh/$k ]; then ff=$ff${ff+ }$HOME/.ssh/$k; fi
+done
+exec ssh-add $ff
[ -s "$GNOME_KEYRING_CONTROL" ]; } ||
{ [ "$DBUS_SESSION_BUS_ADDRESS" ] &&
__mdw_programp gnome-keyring-daemon; }; } &&
- stuff=$(gnome-keyring-daemon -s -c ssh,gpg 2>/dev/null)
+ stuff=$(gnome-keyring-daemon -s -c gpg 2>/dev/null)
then
eval "$stuff"
export SSH_AUTH_SOCK GPG_AGENT_INFO
run-with-shell-env
start-ssh-agent
start-ssh-pageant
+ add-ssh-keys
svnwrap
guest-console
hyperspec"