diff --git a/osc/conf.py b/osc/conf.py
index f77d183d..5c0ee5b7 100644
--- a/osc/conf.py
+++ b/osc/conf.py
@@ -303,10 +303,19 @@ class HostOptions(OscOptions):
             """
             A pointer to public SSH key that corresponds with a private SSH used for authentication:
 
+             - keep empty for auto detection
              - path to the public SSH key
              - public SSH key filename (must be placed in ~/.ssh)
 
             NOTE: The private key may not be available on disk because it could be in a GPG keyring, on YubiKey or forwarded through SSH agent.
+
+            TIP: To give osc a hint which ssh key from the agent to use during auto detection,
+            append ``obs=<apiurl-hostname>`` to the **private** key's comment.
+            This will also work nicely during SSH agent forwarding, because the comments get forwarded too.
+
+             - To edit the key, run: ``ssh-keygen -c -f ~/.ssh/<private-key>``
+             - To query the key, run: ``ssh-keygen -y -f ~/.ssh/<private-key>``
+             - Example comment: ``<username@host> obs=api.example.com obs=api-test.example.com``
             """
         ),
     )  # type: ignore[assignment]
diff --git a/osc/connection.py b/osc/connection.py
index 6a844b4c..906af246 100644
--- a/osc/connection.py
+++ b/osc/connection.py
@@ -573,6 +573,7 @@ class SignatureAuthHandler(AuthHandlerBase):
             if "/" not in self.sshkey:
                 self.sshkey = os.path.join("~", ".ssh", self.sshkey)
                 self.sshkey = os.path.expanduser(self.sshkey)
+            output.print_msg(f"Using ssh key file configured in oscrc: {self.sshkey}", print_to="debug")
 
         self.ssh_keygen_path = shutil.which("ssh-keygen")
         self.ssh_add_path = shutil.which("ssh-add")
@@ -602,6 +603,21 @@ class SignatureAuthHandler(AuthHandlerBase):
         # that's why we need to list ssh-agent's keys and store the first one into a temp file
         keys_in_agent = self.list_ssh_agent_keys()
         if keys_in_agent:
+            selected_key = None
+
+            apiurl_hostname = urllib.parse.urlparse(self.apiurl).hostname
+            for key in keys_in_agent:
+                comments = key.strip().split(" ")[2:]
+                pattern = f"obs={apiurl_hostname}"
+                if pattern in comments:
+                    selected_key = key
+                    output.print_msg(f"Using ssh key from ssh agent that has comment '{pattern}' which matches apiurl '{self.apiurl}': {selected_key}", print_to="debug")
+                    break
+
+            if selected_key is None:
+                selected_key = keys_in_agent[0]
+                output.print_msg(f"Using the first ssh key from ssh agent (see `ssh-add -L`): {selected_key}", print_to="debug")
+
             self.temp_pubkey = tempfile.NamedTemporaryFile(mode="w+")
             self.temp_pubkey.write(keys_in_agent[0])
             self.temp_pubkey.flush()
@@ -609,9 +625,11 @@ class SignatureAuthHandler(AuthHandlerBase):
 
         sshdir = os.path.expanduser('~/.ssh')
         keyfiles = ('id_ed25519', 'id_ed25519_sk', 'id_rsa', 'id_ecdsa', 'id_ecdsa_sk', 'id_dsa')
+        output.print_msg(f"Searching ssh keys in '{sshdir}' in the following order: {', '.join(keyfiles)}", print_to="debug")
         for keyfile in keyfiles:
             keyfile_path = os.path.join(sshdir, keyfile)
             if os.path.isfile(keyfile_path):
+                output.print_msg(f"Using ssh key from file: {keyfile_path}", print_to="debug")
                 return keyfile_path
         return None