According to the man page,
ssh by default sends multiple public keys from files in the ~/.ssh folder, one by one, until authentication success. Does that mean that the server side could know multiple (possibly all of) the client’s public keys after a single authentication?
If so, website A would easily know a user’s username from website B, if website B publishes public key to username mapping, unless the user specifically narrows down what public key to use when logging into website A.
Is that an intended behavior, or did I miss something here, since I do not know much about this…