Without checking deeper I'm unsure if keys listed in e.g. /etc/ssh/ssh_config are considered as "userprovided" but lets give this a shot.
Gladly the debug already contains "explicit" if id->userprovided is true.
I usually get:
debug1: Will attempt key: /home/paelzer/.ssh/id_rsa RSA ... agent
debug1: Will attempt key: ubuntu@cpaelzer-bastion RSA ... agent
debug1: Will attempt key: paelzer@lap RSA ... agent
debug1: Will attempt key: <email address hidden> RSA ... agent
debug1: Will attempt key: /home/paelzer/.ssh/id_dsa
debug1: Will attempt key: /home/paelzer/.ssh/id_ecdsa
debug1: Will attempt key: /home/paelzer/.ssh/id_ecdsa_sk
debug1: Will attempt key: /home/paelzer/.ssh/id_ed25519
debug1: Will attempt key: /home/paelzer/.ssh/id_ed25519_sk
debug1: Will attempt key: /home/paelzer/.ssh/id_xmss
with an -i set to a key that is in the agent, the defaults vanish.
And since the key is listed & in the agent it is preferred already
debug1: Will attempt key: /home/paelzer/.ssh/id_rsa.n RSA ... explicit agent
debug1: Will attempt key: /home/paelzer/.ssh/id_rsa RSA ... agent
debug1: Will attempt key: ubuntu@cpaelzer-bastion RSA ... agent
debug1: Will attempt key: paelzer@lap RSA ... agent
But if I create a new key and add it it is NOT preferrd (this is the bug in discussion here)
debug1: Will attempt key: /home/paelzer/.ssh/id_rsa RSA ... agent
debug1: Will attempt key: ubuntu@cpaelzer-bastion RSA ... agent
debug1: Will attempt key: paelzer@lap RSA ... agent
debug1: Will attempt key: <email address hidden> RSA ... agent
debug1: Will attempt key: /tmp/testkey RSA ... explicit
The explicit one is down below in the order since it isn't in the agent.
A final solution might want to insert them somewhere else than the very top and/or might want to do similar with certificates. But for the test the attached patch could be enough.
Without checking deeper I'm unsure if keys listed in e.g. /etc/ssh/ssh_config are considered as "userprovided" but lets give this a shot.
Gladly the debug already contains "explicit" if id->userprovided is true.
I usually get: .ssh/id_ rsa RSA ... agent cpaelzer- bastion RSA ... agent .ssh/id_ dsa .ssh/id_ ecdsa .ssh/id_ ecdsa_sk .ssh/id_ ed25519 .ssh/id_ ed25519_ sk .ssh/id_ xmss
debug1: Will attempt key: /home/paelzer/
debug1: Will attempt key: ubuntu@
debug1: Will attempt key: paelzer@lap RSA ... agent
debug1: Will attempt key: <email address hidden> RSA ... agent
debug1: Will attempt key: /home/paelzer/
debug1: Will attempt key: /home/paelzer/
debug1: Will attempt key: /home/paelzer/
debug1: Will attempt key: /home/paelzer/
debug1: Will attempt key: /home/paelzer/
debug1: Will attempt key: /home/paelzer/
with an -i set to a key that is in the agent, the defaults vanish.
And since the key is listed & in the agent it is preferred already
debug1: Will attempt key: /home/paelzer/ .ssh/id_ rsa.n RSA ... explicit agent .ssh/id_ rsa RSA ... agent cpaelzer- bastion RSA ... agent
debug1: Will attempt key: /home/paelzer/
debug1: Will attempt key: ubuntu@
debug1: Will attempt key: paelzer@lap RSA ... agent
But if I create a new key and add it it is NOT preferrd (this is the bug in discussion here) .ssh/id_ rsa RSA ... agent cpaelzer- bastion RSA ... agent
debug1: Will attempt key: /home/paelzer/
debug1: Will attempt key: ubuntu@
debug1: Will attempt key: paelzer@lap RSA ... agent
debug1: Will attempt key: <email address hidden> RSA ... agent
debug1: Will attempt key: /tmp/testkey RSA ... explicit
The explicit one is down below in the order since it isn't in the agent.
A final solution might want to insert them somewhere else than the very top and/or might want to do similar with certificates. But for the test the attached patch could be enough.