diff -Nru openssh-8.2p1/debian/changelog openssh-8.2p1/debian/changelog
--- openssh-8.2p1/debian/changelog 2020-02-26 11:55:07.000000000 +0100
+++ openssh-8.2p1/debian/changelog 2020-04-22 11:15:17.000000000 +0200
@@ -1,3 +1,10 @@
+openssh (1:8.2p1-4ubuntu1~ppa1) focal; urgency=medium
+
+ * d/p/prefer-user-configured-before-agent.patch: avoid exceeding
+ max keys (LP: #1872145)
+
+ -- Christian Ehrhardt Wed, 22 Apr 2020 11:15:17 +0200
+
 openssh (1:8.2p1-4) unstable; urgency=medium

 * Add /etc/ssh/ssh_config.d/ to openssh-client.
diff -Nru openssh-8.2p1/debian/.gitignore openssh-8.2p1/debian/.gitignore
--- openssh-8.2p1/debian/.gitignore 2020-02-26 11:55:07.000000000 +0100
+++ openssh-8.2p1/debian/.gitignore 1970-01-01 01:00:00.000000000 +0100
@@ -1,17 +0,0 @@
-/*.debhelper*
-/*substvars
-/build-deb
-/build-udeb
-/files
-/keygen-test/key1
-/keygen-test/key1.pub
-/keygen-test/key2
-/keygen-test/key2.pub
-/openssh-client
-/openssh-client-udeb
-/openssh-server
-/openssh-server-udeb
-/ssh
-/ssh-askpass-gnome
-/ssh-krb5
-/tmp
diff -Nru openssh-8.2p1/debian/patches/prefer-user-configured-before-agent.patch openssh-8.2p1/debian/patches/prefer-user-configured-before-agent.patch
--- openssh-8.2p1/debian/patches/prefer-user-configured-before-agent.patch 1970-01-01 01:00:00.000000000 +0100
+++ openssh-8.2p1/debian/patches/prefer-user-configured-before-agent.patch 2020-04-22 11:14:05.000000000 +0200
@@ -0,0 +1,33 @@
+Description: prefer user provided keys
+ There is a quite common issue that a long list of keys in the agent
+ leads to exceeding the servers max key tries.
+ In that case a user can set -i to a new key and still is denied.
+ To fix that it seems reasonable to always prefer explicitly set keys.
+Forwarded: no
+X-Not-Forwarded-Reason: (experimenta)
+Author: Christian Ehrhardt
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1872145
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=203700
+Last-Update: 2020-04-22
+--- a/sshconnect2.c
++++ b/sshconnect2.c
+@@ -1681,6 +1681,7 @@ key_type_allowed_by_config(struct sshkey
+
+ /*
+ * try keys in the following order:
++ * proposed-0. keys provided directly by the user
+ * 1. certificates listed in the config file
+ * 2. other input certificates
+ * 3. agent keys that are found in the config file
+@@ -1821,7 +1822,10 @@ pubkey_prepare(Authctxt *authctxt)
+ /* append remaining keys from the config file */
+ for (id = TAILQ_FIRST(&files); id; id = TAILQ_FIRST(&files)) {
+ TAILQ_REMOVE(&files, id, next);
+- TAILQ_INSERT_TAIL(preferred, id, next);
++ if (id->userprovided)
++ TAILQ_INSERT_HEAD(preferred, id, next);
++ else
++ TAILQ_INSERT_TAIL(preferred, id, next);
+ }
+ /* finally, filter by PubkeyAcceptedKeyTypes */
+ TAILQ_FOREACH_SAFE(id, preferred, next, id2) {
diff -Nru openssh-8.2p1/debian/patches/series openssh-8.2p1/debian/patches/series
--- openssh-8.2p1/debian/patches/series 2020-02-26 11:55:07.000000000 +0100
+++ openssh-8.2p1/debian/patches/series 2020-04-22 10:48:06.000000000 +0200
@@ -23,3 +23,4 @@
 restore-authorized_keys2.patch
 conch-old-privkey-format.patch
 revert-ipqos-defaults.patch
+prefer-user-configured-before-agent.patch
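Review bot: In the embedded sshconnect2.c hunk at `@@ -1821,7 +1822,10 @@` of prefer-user-configured-before-agent.patch, `TAILQ_INSERT_HEAD` runs once per user-provided identity, so several of them land in `preferred` in the reverse of the order `files` holds them: each one is pushed in front of the previous one. The patch exists to stay under the server's limit on key attempts, so the order in which explicit keys are offered matters and should be kept; track the last user-provided entry inserted (a local pointer of the same type as `id`, initialised to NULL) and chain later ones behind it with `TAILQ_INSERT_AFTER`. The loop only sees the keys still left in `files`, so a user-provided key that an earlier step already moved (item 3 of the order comment suggests agent-matched keys are) would presumably not be promoted; that is worth confirming against the part of pubkey_prepare outside the hunk. The head insert also appears to put these keys ahead of the certificates listed as items 1 and 2, and the order comment should state that plainly rather than as `proposed-0`.

```c
for (id = TAILQ_FIRST(&files); id; id = TAILQ_FIRST(&files)) {
	TAILQ_REMOVE(&files, id, next);
	if (!id->userprovided) {
		TAILQ_INSERT_TAIL(preferred, id, next);
		continue;
	}
	/* keep user-provided keys at the front, in the order they were taken from files */
	/* last_user: local declared with pubkey_prepare's other variables, initially NULL */
	if (last_user == NULL)
		TAILQ_INSERT_HEAD(preferred, id, next);
	else
		TAILQ_INSERT_AFTER(preferred, last_user, id, next);
	last_user = id;
}
```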