[PATCH] ssh-add: support parser-friendly operation
Corey Hickey
bugfood-ml at fatooh.org
Tue Jan 14 04:44:18 AEDT 2025
On 2025-01-12 19:58, Damien Miller wrote:
> On Fri, 10 Jan 2025, Corey Hickey wrote:
>
>> On 2025-01-10 01:35, Jochen Bern wrote:
>>> On 10.01.25 00:33, Corey Hickey wrote:
>>>> I took the approach of preserving current behavior by default, but
>>>> another approach would be to:
>>>> * print "The agent has no identities." to stderr instead of stdout
>>>> * exit with a status of 0 instead of 1
>>>
>>> Please don't. If you want to ever get people to load their privkeys into
>>> the agent *with a limited lifetime*, having a trivial, *universal* way
>>> to check whether they have expired by now is an asset.
>>>
>>>> workplace$ egrep ' ssh(|add)=' .bashrc
>>>> alias sshadd='( echo -n "`tput dim`" ; ssh-add -c -t 1800 ; echo -n "`tput
>>>> sgr0`" )'
>>>> alias ssh='ssh-add -l >/dev/null || sshadd ; ssh'
>>
>> With my patch v2, that would need to be:
>>
>>> alias ssh='ssh-add -l | grep -q . || sshadd ; ssh'
>>
>> ...though the message "The agent has no identities." would be printed to
>> stderr, for better or for worse. Perhaps that should require a higher
>> log_level (via -v).
>
> Are you aware of ssh's AddKeysToAgent option? It seems to already do
> what you're trying to implement here.
I think this could help Jochen's use case, but mine is a bit different.
We have a script to import a privileged key; the script is invoked via
sudo on a shared-login system; after that, users can use the key for a
variety of tasks.
For me, I can continue to use a workaround, or potentially redesign the
whole way we do such things, so I'm not without a working option.
Still, I think the current ssh-add behavior could be improved, and I can
work on that if any such changes would be acceptable. I sent my
understanding of the options available earlier:
Message-ID: <38d76f8e-0744-4bc5-b6e1-db7197e19ad7 at fatooh.org>
Date: Fri, 10 Jan 2025 11:00:41 -0800
Can you please check that? If any of those seem ok, please let me know
and I will follow up.
Thanks,
Corey
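An added example, not part of Corey's or Jochen's messages: a POSIX shell snippet that classifies the agent state from the exit status of `ssh-add -l` rather than from its stdout, so an alias like the one quoted above can decide whether to load a limited-lifetime key. It assumes the currently shipped ssh-add(1) behaviour (exit 0 when identities are listed, 1 when there are none, 2 when the agent cannot be contacted), not the behaviour of any patch in this thread; the function names are mine, and the `-c -t 1800` options are taken from Jochen's alias.

```shell
#!/bin/sh
# Added example (not from the thread): decide whether a key needs loading
# from the exit status of `ssh-add -l`, per ssh-add(1):
#   0 = identities listed, 1 = no identities (or other failure),
#   2 = unable to contact the authentication agent.
# Assumed unpatched ssh-add behaviour; function names are hypothetical.

# classify_agent_status STATUS -> prints loaded | empty | no-agent | error
classify_agent_status() {
    case "$1" in
        0) echo loaded ;;
        1) echo empty ;;
        2) echo no-agent ;;
        *) echo error ;;
    esac
}

# agent_state [CMD...] -> classifies the exit status of CMD (default:
# `ssh-add -l`), discarding its output. CMD is a hook so the logic can be
# exercised without a live agent; `|| status=$?` keeps `set -e` from
# aborting on the non-zero exit codes we want to inspect.
agent_state() {
    status=0
    if [ $# -gt 0 ]; then
        "$@" >/dev/null 2>&1 || status=$?
    else
        ssh-add -l >/dev/null 2>&1 || status=$?
    fi
    classify_agent_status "$status"
}

# ensure_key_loaded: load a key with confirmation and a 30-minute lifetime
# only when the agent is reachable and empty; refuse to prompt when no
# agent is reachable, since the key would have nowhere safe to go.
ensure_key_loaded() {
    case "$(agent_state)" in
        loaded)   return 0 ;;
        empty)    ssh-add -c -t 1800 ;;
        no-agent) echo "no ssh-agent reachable (SSH_AUTH_SOCK unset or stale)" >&2
                  return 2 ;;
        *)        echo "ssh-add -l failed unexpectedly" >&2
                  return 1 ;;
    esac
}

# Usage from an alias, mirroring the quoted one:
#   alias ssh='ensure_key_loaded; ssh'
# Run this file with --ensure to exercise it directly.
case "${1:-}" in
    --ensure) ensure_key_loaded ;;
esac
```

The point of the exit-status check is that it keeps working regardless of what ssh-add prints and on which stream, whereas `grep -q .` on stdout would silently change meaning if the "no identities" message moved to stderr.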