SSH connection with OpenSSH requires PubkeyAuthentication=yes

[dolmen]

The PubkeyAuthentication option of OpenSSH must be set to yes to allow connecting to the sketch container. While this is the default configuration value of OpenSSH

How to reproduce

When a local sketch starts it says:

...
Connect to this container via any of these methods:
🖥️  ssh sketch-1ttk-y2qj-jkdc-518b
...

My (non-standard, but more secure) SSH client configuration contains this block at the end (it applies each of those settings to all connections which don't have a previously defined value for that option):

Host *
ForwardAgent no
ForwardX11 no
PermitLocalCommand no
# Avoid public keys being proposed to any SSH server we connect to (ex: whoami.filippo.io)
PubkeyAuthentication no
IdentitiesOnly yes
AddKeysToAgent no

$ ssh sketch-1ttk-y2qj-jkdc-518b
root@127.0.0.1: Permission denied (publickey).
$ ssh -o PubkeyAuthentication=yes sketch-1ttk-y2qj-jkdc-518b
root@16295d2c24ac:/app#

Context

• sketch 0.0.33 on MacOS installed via homebrew
• OpenSSH_9.9p2, LibreSSL 3.3.6 (Apple)
• non standard SSH config

User workaround by custom SSH config

Add this custom SSH configuration in ~/.ssh/config (anywhere above the Host * above):

Host sketch-????-????-????-????
PubkeyAuthentication yes

Proposed fix

Change the message displayed when the container is started to include the -o PubkeyAuthentication=yes arguments in the ssh command.

...
Connect to this container via any of these methods:
🖥️  ssh -o PubkeyAuthentication=yes sketch-1ttk-y2qj-jkdc-518b
...

[dolmen]

Note: I'm the author (and user) of github-keygen, a solution for managing improved SSH settings for GitHub. This is not relevant for this issue but it can give some context about motivations for a user to use non-standard OpenSSH settings. See also https://github.com/FiloSottile/whoami.filippo.io/blob/master/README.md#how-do-i-stop-it