Question about ssh-add...

Andrew Stribblehill a.d.stribblehill at durham.ac.uk
Tue Feb 20 20:35:14 EST 2001


Quoting Volker Paulsen <paulsen at orbiteam.de>:
> Evenin',
> 
> I would like to know, why "OpenSSH ssh-add" doesn't support the -p
> (pipe) option of "Ssh-1.2.X ssh-add"? I used it several times within
> scripts, like
> 
>     ./whisperpassphrase | ssh-add -p
> 
> Well, I know this is some kind of security by obscurity, but this has
> been proven to be handy.

You could easily do this to the same effect:

$ cat whisperpassphrase
#! /bin/sh
#
echo 'secret hax0r passphrase'
$ SSH_ASKPASS=./whisperpassphrase ssh-add <&-
Identity added: /home/foo/.ssh/identity (foo at bar)

In my opinion, it's better to make people /think/ about whether
they really need this, and to make them work for it, rather than
have this too-easy pipe thing. Call it security by cluefulness!

Cheerio,

Andrew Stribblehill
Systems programmer, IT Service, University of Durham, England
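
A variation on the SSH_ASKPASS helper shown in the reply above, as an added example that is not part of the original post: instead of hard-coding the passphrase in the script, it reads it from a file and refuses to answer unless that file is private to its owner. The helper name ssh-askpass-file and the PASSFILE variable are assumptions made for this example; SSH_ASKPASS_REQUIRE is available in OpenSSH 8.4 and later.

```shell
#!/bin/sh
# Added example (not from the original post): an SSH_ASKPASS helper that reads
# the passphrase from a file instead of hard-coding it, and refuses to answer
# when that file is readable by anyone but its owner.
#
# Install as an executable named ssh-askpass-file (hypothetical name), then:
#   PASSFILE=$HOME/.ssh/passphrase SSH_ASKPASS=./ssh-askpass-file \
#   SSH_ASKPASS_REQUIRE=force ssh-add </dev/null
# PASSFILE is a variable made up for this example. SSH_ASKPASS_REQUIRE needs
# OpenSSH 8.4 or later; older releases need DISPLAY set and no terminal.

# Succeed only for a regular, non-symlink file with mode 0600 or 0400.
is_private_file() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    case "$(ls -ld "$1")" in
        -r[w-]-------+*) return 1 ;;   # extra ACL entries: treat as not private
        -r[w-]-------*)  return 0 ;;
        *)               return 1 ;;
    esac
}

# Print the first line of the file: ssh-add reads the passphrase from stdout.
emit_passphrase() {
    if ! is_private_file "$1"; then
        echo "askpass: refusing $1: need a regular file, mode 0600 or 0400" >&2
        return 1
    fi
    head -n 1 "$1"
}

# Answer only when invoked under the helper's own name, so the functions
# above can also be loaded and exercised without side effects.
case "${0##*/}" in
    ssh-askpass-file)
        emit_passphrase "${PASSFILE:-$HOME/.ssh/passphrase}"
        exit $?
        ;;
esac
```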





More information about the openssh-unix-dev mailing list