[PATCH v2] ssh-add: support external parsing of key listing
Corey Hickey
bugfood-ml at fatooh.org
Sat Jan 11 06:00:41 AEDT 2025
On 2025-01-10 09:57, Jim Knoble wrote:
>
>> On Jan 9, 2025, at 19:14, Corey Hickey <bugfood-ml at fatooh.org> wrote:
>>
>> To address this, modify ssh-add to:
>> * [...]
>> * exit with a status of 0 instead of 1
>
> When Damien wrote:
>
>> Adding a new exit status for the
>> no-keys-in-agent case would be
>> acceptable too I think.
>
> I interpreted that as "make ssh-add exit with status 2 or 3 or 99, for example, as opposed to 1".
>
> That is, differentiate between:
>
> - There is an agent, and it has keys, and ssh-add listed them (exit status 0).
> - There is no agent, or there is a problem communicating with the agent (exit status 1).
> - There is an agent, but it has no keys (exit status 2, for example).
>
> This mirrors the functionality of `diff`, for example, which exits 0, 1, or 2 for different states (no differences, differences found, or some error).
>
> In that case, the stderr message wouldn't strictly be needed, as the exit status would communicate the reason for no keys to be listed; however, it could be useful to humans. The error message can be suppressed in shell scripts using:
>
> ssh-add 2>/dev/null
>
> Or, for both stderr and stdout:
>
> ssh-add >/dev/null 2>&1
>
> (Note, I haven't looked at the OpenSSH code; there may already be more exit statuses that have additional meanings, so 2 may not be the right choice here).
Ah, hmm. Yes, I get your meaning.

There seem to be several options here and I would like to ask for some
consensus or a decision from Damien. I can make a patch for whatever
seems best.

Here are the options as I understand them.

Option 0: do nothing.
Pros:
* Doesn't alter behavior for people relying on current behavior.
Cons:
* Doesn't work as well for scripting.

Option 1: add a new command-line option (e.g. -p) to support
parser-friendly behavior (original PATCH).
Pros:
* Doesn't alter default behavior.
* Allows user to choose.
Cons:
* Adds a new command-line option.

Option 2: when no keys, exit with status 0 (PATCH v2).
Pros:
* Changes behavior to work more easily with scripts.
* Doesn't need a new command-line option.
Cons:
* Changes behavior; would break some people's existing usage.

Option 3: when no keys, exit with status 3.
Pros:
* Doesn't alter behavior for people expecting a non-zero status.
* Does allow scripts to detect when there are no keys.
Cons:
* For shell scripting, needs 'set -e' (temporarily) disabled (right?) in
  order to capture exit status.

Separately, there are options for how to handle the message "The agent
has no identities."

Option A: leave in stdout.
Pros:
* Doesn't alter behavior.
* Informs interactive users.
Cons:
* Puts non-key information in a key listing.

Option B: move to stderr.
Pros:
* More scriptable; key listing is only keys.
* Informs interactive users.
Cons:
* Will show up for people doing 'ssh-add -l >/dev/null'.

Option C: move to stderr, require '-v'.
Pros:
* More scriptable; key listing is only keys.
* Avoids printing a message that isn't really an error.
Cons:
* Doesn't inform interactive users unless they use '-v'.

Thanks,
Corey
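
How a script could consume Option 3 combined with Option B while `set -e` stays enabled, as an added example that is not part of the original message or of OpenSSH. `fake_ssh_add` is a constructed stand-in for `ssh-add -l`, its key line is constructed sample output, and exit status 3 is only the value proposed in this thread.

```shell
#!/bin/sh
# Added example: fake_ssh_add simulates the behaviour proposed in the thread
# (Option 3 + Option B). It is a constructed stub, not OpenSSH code.
set -e

# Constructed stub: $1 selects the simulated agent state.
fake_ssh_add() {
    case "$1" in
        keys)
            # Constructed sample line in the style of a key listing.
            echo "256 SHA256:CONSTRUCTED-EXAMPLE-FINGERPRINT user@host (ED25519)"
            return 0 ;;
        nokeys)
            # Option B: the notice goes to stderr, so stdout carries only keys.
            echo "The agent has no identities." >&2
            return 3 ;;   # Option 3: proposed status, an assumption here
        *)
            # Constructed failure case: agent unreachable.
            echo "Could not open a connection to your authentication agent." >&2
            return 2 ;;
    esac
}

# Classify the agent state for a calling script.
# A command on the left-hand side of `||` is exempt from `set -e`,
# so `cmd || rc=$?` records a non-zero status without aborting.
agent_state() {
    rc=0
    keys=$(fake_ssh_add "$1" 2>/dev/null) || rc=$?
    case "$rc" in
        0) echo "keys:$(printf '%s\n' "$keys" | wc -l | tr -d ' ')" ;;
        3) echo "empty" ;;   # agent reachable, nothing loaded
        *) echo "error" ;;   # any other non-zero status is a real failure
    esac
}

agent_state keys
agent_state nokeys
agent_state noagent
```

Treating every status other than 0 and the dedicated no-keys value as a failure keeps the script fail-closed if further exit statuses are added later.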