new option ssh-add -v to verify if key is loaded into the agent

Konrad Bucheli kb at open.ch
Fri Apr 8 15:41:29 EST 2011


On 04/07/11 23:20, Daniel Kahn Gillmor wrote:
> On 04/07/2011 03:12 AM, Konrad Bucheli wrote:
>> In a shell script I need to verify if a key belonging to a given public
>> key file is already loaded into the agent. To achieve this, I added a
>> new option -v to ssh-add which does this verification.
> 
> Couldn't this already be implemented by grepping the output of
> ssh-add -L ?  Is there a compelling need to introduce (and maintain) a
> new command-line argument for this?

My problem is that the agent is not under my control. So I could just
believe what it is telling me (output of ssh-add -L). But I would like
to verify that it is not lying. So this patch verifies cryptographically
with challenge/response that the agent has really loaded the private
key, identical to the public key authentication via ssh-agent.

Cheers

Konrad
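
The difference between trusting an agent's key listing and checking a challenge/response signature, as an added sketch that is not part of the original message or of the patch. Assumptions: the agent is modelled as a Python object with hypothetical `list_keys` and `sign` methods rather than the ssh-agent socket protocol, and the RSA demo key is constructed from two Mersenne primes.

```python
import hashlib, os

# Constructed demo key: two Mersenne primes stand in for a real RSA key pair.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
# DER DigestInfo header for SHA-256 (RSASSA-PKCS1-v1_5).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def emsa_pkcs1_v15(data: bytes, n: int) -> int:
    """EMSA-PKCS1-v1_5 encoding of SHA-256(data), as an integer below n."""
    k = (n.bit_length() + 7) // 8
    t = SHA256_PREFIX + hashlib.sha256(data).digest()
    em = b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t
    return int.from_bytes(em, "big")

class HonestAgent:
    """Hypothetical agent that holds the private exponent and signs on request."""
    def __init__(self, n, e, d):
        self.pub, self._d = (n, e), d
    def list_keys(self):
        return [self.pub]
    def sign(self, pub, data):
        return pow(emsa_pkcs1_v15(data, pub[0]), self._d, pub[0])

class LyingAgent:
    """Hypothetical agent that advertises a public key it has no private key for."""
    def __init__(self, pub):
        self.pub = pub
    def list_keys(self):
        return [self.pub]
    def sign(self, pub, data):
        return int.from_bytes(os.urandom(32), "big")  # no private key, so only a guess

def is_listed(agent, pub) -> bool:
    """What grepping a key listing checks: the agent's own claim."""
    return pub in agent.list_keys()

def proves_possession(agent, pub) -> bool:
    """Challenge/response: have the agent sign a fresh nonce, verify with the public key."""
    n, e = pub
    challenge = os.urandom(32)  # fresh per check, so an old signature cannot be replayed
    sig = agent.sign(pub, challenge)
    return 0 < sig < n and pow(sig, e, n) == emsa_pkcs1_v15(challenge, n)
```

Both agents pass `is_listed`; only the one holding the private exponent passes `proves_possession`.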

