Repost: [patch] Automatically add keys to agent

Roumen Petrov openssh at roumenpetrov.info
Tue Jan 19 07:23:34 EST 2010


Joachim Schipper wrote:
> On Sun, Jan 17, 2010 at 01:19:15PM +0200, Roumen Petrov wrote:
>> Joachim Schipper wrote:
>>> On Tue, Jan 12, 2010 at 01:24:34AM +0100, Joachim Schipper wrote:
>>>> My keys are secured with a passphrase. That's good for security, but
>>>> having to type the passphrase either at every login or at every
>>>> invocation of ssh(1) is annoying.
>>>
>>>> Hence, this patch. I'll just quote ssh_config(5):
>>>>
>>>       AddKeyToAgent
>>>         If this option is set to ``yes'' and ssh-agent(1) is running, any
>>>         keys used will be added to the agent (with the default lifetime).
>>>         Setting this to ``ask'' will cause ssh to require confirmation
>>>         using the SSH_ASKPASS program before the key is added (see
>>>         ssh-add(1) for details).  The argument must be ``yes'', ``ask'',
>>>         or ``no''.  The default is ``no''.
>>>
>>> I am a bit disappointed by the total lack of response - does nobody else
>>> have this problem? I'm willing to do more work on it, if so desired, and
>>> I wouldn't mind having to wait until OpenBSD 4.7 is tagged if everyone's
>>> too busy right now.
>>
>> [SNIP]
>> Why use this when I could use IdentitiesOnly and IdentityFile per
>> host, as initially I could load all required keys into the agent?
>> Maybe instead of a new option you could enhance the existing option
>> IdentitiesOnly with ask.
>
> I don't understand what you are saying, I'm afraid.
>
> What this patch does can be described as follows:
>
> Without:
> you at local$ ssh somehost
> Enter passphrase for RSA key 'foo':
> you at somehost$ exit
> $ ssh otherhost
> Enter passphrase for RSA key 'foo':
> you at otherhost$
>
> With:
> you at local$ ssh somehost
> Enter passphrase for RSA key 'foo':
> you at somehost$ exit
> $ ssh otherhost
> you at otherhost$
>
> That is, it means you don't have to type the passphrase twice.

And what is the difference if the option IdentitiesOnly is enhanced to add 
the key to the agent?

With the current behavior the user will be prompted for a passphrase if the key 
is not in the agent, but if the key is loaded the client will try to use it.


> Of course, loading everything into the agent at login works, too, but
> that means you'll have to type your passphrase even if you log out/the
> keys expire/whatever before you get to use them.
>
> 		Joachim

Roumen
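The two approaches discussed in this thread, written out as an added ssh_config example (not part of the original mail or of the patch). Host names and key paths are assumed; AddKeyToAgent is the option name as proposed by the patch quoted above, and the ``ask'' value relies on an SSH_ASKPASS program being available.

```sshconfig
# Roumen's approach: keys are loaded into ssh-agent once at login
# (ssh-add ~/.ssh/id_rsa_somehost), and each host is pinned to exactly
# one identity so the client never offers the wrong key.
Host somehost
    HostName somehost.example.org
    IdentityFile ~/.ssh/id_rsa_somehost
    IdentitiesOnly yes

Host otherhost
    HostName otherhost.example.org
    IdentityFile ~/.ssh/id_rsa_somehost
    IdentitiesOnly yes

# Joachim's patch: the passphrase is typed on first use only; the
# decrypted key is then handed to the running agent with the default
# lifetime. ``ask'' requires confirmation via SSH_ASKPASS before the key
# is added, which limits what a hijacked session can load silently.
Host *
    AddKeyToAgent ask
```

Stock OpenSSH later shipped this feature under the spelling AddKeysToAgent (7.2 onward), so a current client needs that name rather than the one in the patch.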

