[Bug 1699] New: [patch] Enhance SSH to automatically add keys to ssh-agent

bugzilla-daemon at bugzilla.mindrot.org
Tue Jan 19 11:25:44 EST 2010


https://bugzilla.mindrot.org/show_bug.cgi?id=1699

           Summary: [patch] Enhance SSH to automatically add keys to
                    ssh-agent
           Product: Portable OpenSSH
           Version: 5.3p1
          Platform: amd64
               URL: http://article.gmane.org/gmane.network.openssh.devel/16422
        OS/Version: OpenBSD
            Status: NEW
          Keywords: needs-release-note, patch
          Severity: enhancement
          Priority: P2
         Component: ssh
        AssignedTo: unassigned-bugs at mindrot.org
        ReportedBy: joachim at joachimschipper.nl


Created an attachment (id=1780)
 --> (https://bugzilla.mindrot.org/attachment.cgi?id=1780)
[patch] Automatically add keys to ssh-agent(1)

[Continuing a mailing list thread; see
http://article.gmane.org/gmane.network.openssh.devel/16422.]

My keys are secured with a passphrase. That's good for security, but
having to type the passphrase either at every login or at every
invocation of ssh(1) is annoying.

It's possible to hack around this annoyance, but such hacks are
inevitably brittle. OpenSSH should just quietly do the right thing,
as it does in other cases.

Please find included a patch (against OpenBSD's OpenSSH) to fix this.
By way of specification, I'll quote ssh_config(5):

     AddKeysToAgent
             Specifies whether keys should be automatically added to
             ssh-agent(5) (if running).  If this option is set to
             ``yes'' and a key is loaded from a file, this key and all
             keys with either the same or an empty passphrase are added
             to the agent (with the default lifetime), as if by
             ssh-add(1).  If this option is set to ``ask'', ssh will
             require confirmation using the SSH_ASKPASS program before
             adding a key (see ssh-add(1) for details).  If this option
             is set to ``confirm'', each use of the key must be
             confirmed, exactly as if the -c option was specified to
             ssh-add(1).  If this option is set to ``no'', no keys are
             added to the agent.  The argument must be ``yes'',
             ``confirm'', ``ask'', or ``no''.  The default is ``no''.

This is my first patch, so please review thoroughly! I'll happily make
any changes requested.

        Joachim

P.S. This patch has been completely rewritten (relative to the patch
posted to the mailing list, above) to support adding all keys with the
same passphrase at once.
