[patch] Automatically add keys to agent

Joachim Schipper joachim at joachimschipper.nl
Sat May 22 05:22:04 EST 2010

On Tue, Jan 12, 2010 at 01:24:34AM +0100, Joachim Schipper wrote:
> My keys are secured with a passphrase. That's good for security, but
> having to type the passphrase either at every login or at every
> invocation of ssh(1) is annoying.
> I know I could invoke ssh-add(1) just before invoking ssh(1), if I keep
> track of whether I invoked it already, or write some hacky scripts; but
> the rest of OpenSSH is wonderfully usable without any hacks.
> Hence, this patch. I'll just quote ssh_config(5):
>     AddKeyToAgent
>       If this option is set to ``yes'' and ssh-agent(1) is running, any
>       keys unlocked with a password will be added to the agent (with
>       the default lifetime).  Setting this to ``ask'' will cause ssh to
>       require confirmation using the SSH_ASKPASS program before the key
>       is added (see ssh-add(1) for details).  The argument must be
>       ``yes'', ``ask'', or ``no''.  The default is ``no''.
> Having more knobs isn't really useful, IMHO. Default lifetime is
> configurable via ssh-agent(1)'s -t flag, and if you want to confirm each
> key use you should be willing to live without this convenience feature.
> By the way, are there plans to replace ask_permission() (also used for
> other "ask" type options, e.g.  ControlMaster) by something a little
> more user-friendly? Having to type "yes" works, but isn't exactly
> elegant. (Not volunteering here, I know nothing about X.)
> Please be gentle, but inspect thoroughly, as this is my first patch.

I sent the above message to the list quite a while ago, and was told to
put my (revised) patch in the bug tracker. It's at
https://bugzilla.mindrot.org/show_bug.cgi?id=1699; is there anything I
can do to help the process along? I am open to
suggestions/criticisms/being told to drop this - but I think it'd be a
shame if this falls through the cracks.


More information about the openssh-unix-dev mailing list