$ ssh-add -l
256 SHA256:H7Rl8OShjUdLmaItsuIBt6sg44mhm6WLpXDoAAGVYck tfoerste@t44 (ED25519)
4096 SHA256:0x+umkyb9RYASDtNJ+280PII+2aFbmyAMDvIwNgh6bM /home/tfoerste/.ssh/id_rsa-github (RSA)
4096 SHA256:shLZ2PU4MGlaz4JZ5jSWXVp/waiXgKtEdH/fOWuvzdQ /home/tfoerste/.ssh/id_rsa-kvm (RSA)
2048 SHA256:JOyhKxIGyKw/lTmuNUELgylq4lyHQt1WD5us3jCwZs4 /home/tfoerste/.ssh/id_rsa-n22 (RSA)

The latter 3 contain the file name, but not the first.
This affects -L, too. The -L output for ssh-ed25519 looks just like the .pub file's contents; for ssh-rsa and ecdsa-sha2-nistp256 -L replaces the comment with the filename.
This is due to ed25519 keys using the new OpenSSH-specific storage format that retains the key comment, and other key types by default using PEM that doesn't. You can force the use of the new format by specifying the -o option to ssh-keygen when creating keys or resetting existing keys' passphrases. E.g. "ssh-keygen -pof /path/key -C comment" can be used to upgrade a PEM format to an OpenSSH format and bake in the key comment at the same time. At some future time, we'll make the OpenSSH format the default.
The output should still include the filenames from which the key(s) were loaded, even if that requires changes in how the agent internally stores the keys.
That's not really possible without modifying the agent protocol - it only supports a single key comment. We substitute the key's path if we don't get one from the key, but displaying both comment from the key and path would require either 1) we change the protocol or 2) we munge the key comment to include both. I consider #1 too little benefit for a costly (and slow to deploy) change. #2 is pretty ugly and breaks the transparency of ssh-keygen.
err, I meant "breaks the transparency of ssh-add"
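Added example, not part of the original thread and not OpenSSH code: a small Python parser for the agent's identities answer, run over a constructed message, showing that each identity on the wire is a key blob plus exactly one comment string, which is why the agent can return either the key's own comment or the substituted path but not both. The key bytes are dummy placeholders, the two comments are taken from the ssh-add output in the report, and the function names are hypothetical.

```python
import struct

SSH_AGENT_IDENTITIES_ANSWER = 12  # message type number in the agent protocol

def pack_string(data: bytes) -> bytes:
    """SSH wire 'string': uint32 big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def read_string(buf: bytes, off: int):
    """Bounds-checked read of one SSH string; returns (bytes, new offset)."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    if off + n > len(buf):
        raise ValueError("string runs past end of message")
    return buf[off:off + n], off + n

def parse_identities_answer(msg: bytes):
    """Return [(key type, comment)] from a framed identities answer."""
    if len(msg) < 9:
        raise ValueError("message too short")
    (length,) = struct.unpack_from(">I", msg, 0)
    if length != len(msg) - 4 or msg[4] != SSH_AGENT_IDENTITIES_ANSWER:
        raise ValueError("bad framing or unexpected message type")
    (nkeys,) = struct.unpack_from(">I", msg, 5)
    off, found = 9, []
    for _ in range(nkeys):
        blob, off = read_string(msg, off)      # public key blob
        comment, off = read_string(msg, off)   # the only free-text field
        key_type, _ = read_string(blob, 0)     # blob starts with its type name
        found.append((key_type.decode(), comment.decode("utf-8", "replace")))
    if off != len(msg):
        raise ValueError("trailing bytes after last identity")
    return found

def constructed_answer() -> bytes:
    """Constructed sample: dummy key bytes, comments as seen in the report."""
    rsa_blob = (pack_string(b"ssh-rsa") + pack_string(b"\x01\x00\x01")
                + pack_string(b"\x00" + bytes([0xAB]) * 8))
    ids = [
        (pack_string(b"ssh-ed25519") + pack_string(bytes(32)), b"tfoerste@t44"),
        (rsa_blob, b"/home/tfoerste/.ssh/id_rsa-github"),
    ]
    body = bytes([SSH_AGENT_IDENTITIES_ANSWER]) + struct.pack(">I", len(ids))
    body += b"".join(pack_string(blob) + pack_string(c) for blob, c in ids)
    return struct.pack(">I", len(body)) + body

if __name__ == "__main__":
    for key_type, comment in parse_identities_answer(constructed_answer()):
        print(f"{key_type:12} comment={comment!r}")
```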
I see. It would be useful were a future version of the agent protocol to support passing the filename in addition to what is currently passed.
Close all resolved bugs after release of OpenSSH 7.7.