Repost: [patch] Automatically add keys to agent

Jameson Rollins jrollins at finestructure.net
Sun Jan 17 09:15:47 EST 2010


On Sat, Jan 16, 2010 at 08:34:30PM +0100, Joachim Schipper wrote:
> On Tue, Jan 12, 2010 at 01:24:34AM +0100, Joachim Schipper wrote:
> > My keys are secured with a passphrase. That's good for security, but
> > having to type the passphrase either at every login or at every
> > invocation of ssh(1) is annoying.
> 
> > Hence, this patch. I'll just quote ssh_config(5):
> > 
>      AddKeyToAgent
>        If this option is set to ``yes'' and ssh-agent(1) is running, any
>        keys used will be added to the agent (with the default lifetime).
>        Setting this to ``ask'' will cause ssh to require confirmation
>        using the SSH_ASKPASS program before the key is added (see
>        ssh-add(1) for details).  The argument must be ``yes'', ``ask'',
>        or ``no''.  The default is ``no''.
> 
> I am a bit disappointed by the total lack of response - does nobody else
> have this problem? I'm willing to do more work on it, if so desired, and
> I wouldn't mind having to wait until OpenBSD 4.7 is tagged if everyone's
> too busy right now.

I think probably everyone already has hooks or wrapper scripts they've
put together to accomplish this.  For instance I have a proxycommand
that does it for me.  That said, I think it's a pretty good idea.  I
would rather use something like this than the hackish wrapper scripts
I'm currently using.

That said, I wasn't a big fan of your dismissal of the ssh-add -c
option.  I think that is a very important option that everyone should
be using.  You should always want to be informed if anything is trying
to use your key.  Otherwise a malicious program could gain access to
your key without your knowing it.

jamie.


More information about the openssh-unix-dev mailing list