Comment 2 for bug 505493

Thank you for using Ubuntu and taking the time to report a bug.

I'm afraid I don't understand the problem as described. For the SSH protocol, http://www.ietf.org/rfc/rfc4251.txt has details on the protocol architecture and http://www.ietf.org/rfc/rfc4252.txt specifically on the authenticaion protocol.

For the openssh implementation, openssh should only offer ~/.ssh/id_rsa or ~/.ssh/id_dsa by default, unless you have configured ssh differently (see man 1 ssh) . Even if it did offer multiple keys, it would be multiple public keys that should give no indication of their use (therefore useless to an attacker).

Can you explain the problem with more detail including steps to reproduce? Thanks