Sending envvars via ssh agent protocol

Jochen Bern Jochen.Bern at
Sun Sep 12 22:46:26 AEST 2021

On 12.09.21 00:11, Jim Knoble wrote:
>> On Sep 11, 2021, at 10:05, Peter Stuge <peter at> wrote:
>> ssh-agent is apparently often started in the wrong context,
>> because "ssh-add -c" confirmation doesn't work for a lot of people. :\
> On a recent Ubuntu [...] install, I had to disable the gnome-keyring-ssh
> thingy [...] because it was unexpectedly supplying passphrases to my keys
> without asking me. [...]
> If that's common across Ubuntu flavors, then I wouldn't be surprised if a
> large number of folks have ssh-agents that don't have the right context
> for 'ssh-add -c'.

I watched a user have a FAIL with "-c" just last week. He's using the 
WSL2 of his Win10 machine, which IIUC is an Ubuntu as well, so maybe 
that's his problem. I have to say that I associate that behaviour 
primarily with GNOME's agent system, rather than a particular distrib, 

However, the one :-C case I did get to analyze to the bottom is my own 
workplace machine, back then being set up with Fedora 31, KDE spin. The 
problem *there* was that the default install would include 
/usr/bin/ksshaskpass, but not set $SSH_ASKPASS to point to it, so 
ssh-add would still try (the nonexisting) 
/usr/libexec/openssh/ssh-askpass. Installing the openssh-askpass package 
took care of that, but. :-/

(Yes, the installed executable is the GNOME version, but it refrains 
from throwing in the agents. And the popup stands out better than the 
theme-conforming KDE variant ...)

Jochen Bern

Binect GmbH
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3449 bytes
Desc: S/MIME Cryptographic Signature
URL: <>

More information about the openssh-unix-dev mailing list