ProxyCommand that creates identity file

Damien Miller djm at
Fri Nov 10 14:28:28 AEDT 2017

On Thu, 9 Nov 2017, John Maguire wrote:

> Thanks for the feedback. A couple of the goals for this project are that
> (a) it works for any use cases that utilize SSH (so Git, scp, rsync, etc.)
> -- meaning that configuration options are highly preferable to a wrapper,
> and (b) that this application supports Windows, MacOS, and Linux for
> tunneling (even if the SSH CA feature is unsupported on Windows).
> Thanks for the link to go-daemon, I'll look a little closer, but I don't
> think this architecture will work.
> Is there a reason that load_key_public must occur prior to
> ssh_exchange_identification? It strikes me that this would be a non-issue
> if the key were not loaded prior to the banners being exchanged. Though I
> do understand that this is a very atypical use-case for the ProxyCommand
> flag.

Doing it early allows reporting problems prior to attempting to establishing
a connection.

Could you implement your tooling as an agent? Keys are loaded from that
a little more asynchronously IIRC.


More information about the openssh-unix-dev mailing list