Repost: [patch] Automatically add keys to agent

Joachim Schipper joachim at joachimschipper.nl
Mon Jan 18 23:39:44 EST 2010


On Sun, Jan 17, 2010 at 01:19:15PM +0200, Roumen Petrov wrote:
> Joachim Schipper wrote:
> >On Tue, Jan 12, 2010 at 01:24:34AM +0100, Joachim Schipper wrote:
> >>My keys are secured with a passphrase. That's good for security, but
> >>having to type the passphrase either at every login or at every
> >>invocation of ssh(1) is annoying.
> >
> >>Hence, this patch. I'll just quote ssh_config(5):
> >>
> >      AddKeyToAgent
> >        If this option is set to ``yes'' and ssh-agent(1) is running, any
> >        keys used will be added to the agent (with the default lifetime).
> >        Setting this to ``ask'' will cause ssh to require confirmation
> >        using the SSH_ASKPASS program before the key is added (see
> >        ssh-add(1) for details).  The argument must be ``yes'', ``ask'',
> >        or ``no''.  The default is ``no''.
> >
> >I am a bit disappointed by the total lack of response - does nobody else
> >have this problem? I'm willing to do more work on it, if so desired, and
> >I wouldn't mind having to wait until OpenBSD 4.7 is tagged if everyone's
> >too busy right now.
> 
> [SNIP]
> Why use this, as I could use IdentitiesOnly and IdentityFile per
> host, as initially I could load all required keys into the agent?
> Maybe instead of a new option you could enhance the existing option
> IdentitiesOnly with ask.

I don't understand what you are saying, I'm afraid.

What this patch does can be described as follows:

Without:
you@local$ ssh somehost
Enter passphrase for RSA key 'foo': 
you@somehost$ exit
$ ssh otherhost
Enter passphrase for RSA key 'foo':
you@otherhost$

With:
you@local$ ssh somehost
Enter passphrase for RSA key 'foo': 
you@somehost$ exit
$ ssh otherhost
you@otherhost$

That is, it means you don't have to type the passphrase twice.

Of course, loading everything into the agent at login works, too, but
that means you'll have to type your passphrase even if you log out/the
keys expire/whatever before you get to use them.

		Joachim
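
A rough equivalent of the behaviour described in this message using stock tools, as an added example that is not part of the original post or the patch: a wrapper that runs ssh-add with a lifetime only when the key is not yet in the agent, so the passphrase is typed once and the key still expires. The function names, the SSH_KEY_LIFETIME variable, the one-hour default and the sample listing are assumptions, and the public key is assumed to sit beside the private key as KEY.pub.

```shell
#!/bin/sh
# Added example (not the patch's code): add a key to ssh-agent on first use.

# Constructed sample of `ssh-add -l` output; the fingerprints are made up.
SAMPLE_LISTING='2048 SHA256:AAAAexampleFingerprintOne /home/you/.ssh/id_rsa (RSA)
256 SHA256:BBBBexampleFingerprintTwo you@local (ED25519)'

# agent_has_key FINGERPRINT
# Reads `ssh-add -l` style output on stdin; succeeds only if some line's
# second field equals FINGERPRINT exactly (no prefix or substring match).
agent_has_key() {
    awk -v fp="$1" '$2 == fp { found = 1 } END { exit !found }'
}

# key_fingerprint PUBKEY_FILE
# Prints the fingerprint field from `ssh-keygen -lf`.
key_fingerprint() {
    ssh-keygen -lf "$1" | awk '{ print $2; exit }'
}

# ssh_autoadd KEY [ssh arguments...]
# If an agent is reachable and KEY is not loaded, add it with a bounded
# lifetime (seconds) before connecting. Without an agent, plain ssh runs
# and prompts for the passphrase as usual.
ssh_autoadd() {
    key=$1
    shift
    lifetime=${SSH_KEY_LIFETIME:-3600}   # assumed default: one hour
    if [ -n "${SSH_AUTH_SOCK:-}" ]; then
        fp=$(key_fingerprint "$key.pub") || return 1
        # ssh-add -l exits 1 when the agent is empty; that is not an error here.
        listing=$(ssh-add -l 2>/dev/null) || true
        if ! printf '%s\n' "$listing" | agent_has_key "$fp"; then
            ssh-add -t "$lifetime" "$key" || return 1
        fi
    fi
    ssh -i "$key" "$@"
}
```

Unlike the proposed option, this asks for the passphrase through ssh-add before the connection is made, rather than having ssh hand the already-decrypted key to the agent.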


More information about the openssh-unix-dev mailing list