Repost: [patch] Automatically add keys to agent
Jameson Rollins
jrollins at finestructure.net
Sun Jan 17 09:15:47 EST 2010
On Sat, Jan 16, 2010 at 08:34:30PM +0100, Joachim Schipper wrote:
> On Tue, Jan 12, 2010 at 01:24:34AM +0100, Joachim Schipper wrote:
> > My keys are secured with a passphrase. That's good for security, but
> > having to type the passphrase either at every login or at every
> > invocation of ssh(1) is annoying.
>
> > Hence, this patch. I'll just quote ssh_config(5):
> >
> AddKeyToAgent
> If this option is set to ``yes'' and ssh-agent(1) is running, any
> keys used will be added to the agent (with the default lifetime).
> Setting this to ``ask'' will cause ssh to require confirmation
> using the SSH_ASKPASS program before the key is added (see
> ssh-add(1) for details). The argument must be ``yes'', ``ask'',
> or ``no''. The default is ``no''.
>
> I am a bit disappointed by the total lack of response - does nobody else
> have this problem? I'm willing to do more work on it, if so desired, and
> I wouldn't mind having to wait until OpenBSD 4.7 is tagged if everyone's
> too busy right now.
I think probably everyone already has hooks or wrapper scripts they've
put together to accomplish this. For instance I have a proxycommand
that does it for me. That said, I think it's a pretty good idea. I
would rather use something like this than the hackish wrapper scripts
I'm currently using.
That said, I wasn't a big fan of your dismissal of the ssh-add -c
option. I think that is a very important option that everyone should
be using. You should always want to be informed if anything is trying
to use your key. Otherwise a malicious program could gain access to
your key without your knowning it.
jamie.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20100116/cd26b97f/attachment.bin>
More information about the openssh-unix-dev
mailing list