How to detect if key ssh-add'ed with '-c' or without?

n3rd at n3rd at
Fri Aug 31 22:40:55 EST 2012

Hi all. Some background: I'm using my own wrapper script for ssh that deals with multitude of IP addresses, user accounts, keys and other ssh parameters for bunch of managed hosts.

On X session start i (actually, my script) load all my private keys with 'ssh-add -c', to get confirmation on every key usage.

This works bad with autossh, so i would like to add some logic: if I specify to run autossh with some host/user/key, the scipt will reload the private key without -c option (asking me for password). And maybe at the end of autossh session, reload the key back with 'ssh-add -c'.

So, how can i detect if key loaded with -c option or without?

'ssh-add -l' lacks such information.

My last guess is such: before actually start autossh it's possible to set some small script at SSH_ASKPASS, try to use the key, and if that script is launched, it means i need to reload the key without '-c'. Ugly.

PS: BTW there is also no way to get key expiration time (if set with 'ssh-add -t').

More information about the openssh-unix-dev mailing list