[PATCH] ssh-add: support parser-friendly operation
Jochen Bern
Jochen.Bern at binect.de
Tue Jan 14 22:54:28 AEDT 2025

On 13.01.25 04:58, Damien Miller wrote:
> On Fri, 10 Jan 2025, Corey Hickey wrote:
>> On 2025-01-10 01:35, Jochen Bern wrote:
>>>> workplace$ egrep ' ssh(|add)=' .bashrc
>>>> alias sshadd='( echo -n "`tput dim`" ; ssh-add -c -t 1800 ; echo -n "`tput sgr0`" )'
>>>> alias ssh='ssh-add -l >/dev/null || sshadd ; ssh'
>>
>> With my patch v2, that would need to be:
>>> alias ssh='ssh-add -l | grep -q . || sshadd ; ssh'
>
> Are you aware of ssh's AddKeysToAgent option? It seems to already do
> what you're trying to implement here.

It seems¹ to do the trick on my workplace machine, and probably² would
do it for other users, too, thanks. What it can *not* cover, however, is
my other example from our jump hosts³.

¹ As far as I can tell from the manpage and a short web trawl. In
particular, I'm still unclear how it handles the case of an
*already*-loaded privkey: Do nothing? Restart key's lifetime? Reload
anyway (though *that*, by requiring passphrase entry, would make it
rather useless, I guess)?

² I'm using almost *exclusively* a set of few "main" user keypairs, that
may not be true with other users here. The web search suggests that I
can control what keys AddKeysToAgent will try to load with IdentityFile?
Or would it try to load from the default filenames as well?

³ In a nutshell, "if the forwarded agent does not have a key (anymore,
due to limited lifetime), do *not* exec() the ssh/scp/sftp he typed and
instead output a message that he should (re)load some *back on his own
machine* first". Saves time, and false alerts in the logs ...

Kind regards,
--
Jochen Bern
Systemingenieur
Binect GmbH
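
The jump-host guard described in footnote ³ of the message above, as an added example that is not code from the thread or from OpenSSH. The names `agent_key_state`, `guarded` and the `SSH_ADD` override are hypothetical, and the patched behaviour (exit status 0 with empty output for an empty agent) is an assumption inferred from the `grep -q .` alias quoted in the thread.

```shell
#!/bin/sh
# Added example: refuse to start ssh/scp/sftp on a jump host when the
# forwarded agent holds no key. SSH_ADD is a hypothetical override so the
# check can be exercised with a stub instead of a live agent.
: "${SSH_ADD:=ssh-add}"

# Prints one of: keys | empty | noagent
agent_key_state() {
    # "&& ... || ..." keeps the function usable under "set -e".
    out=$("$SSH_ADD" -l 2>/dev/null) && rc=0 || rc=$?
    case $rc in
        0)  # Stock ssh-add: status 0 means at least one key was listed.
            # Assumed patched behaviour: status 0 with no output means an
            # empty agent, so also require a non-blank line of output.
            if printf '%s\n' "$out" | grep -q .; then
                echo keys
            else
                echo empty
            fi ;;
        1)  echo empty ;;    # stock ssh-add: "The agent has no identities."
        *)  echo noagent ;;  # status 2: agent could not be contacted
    esac
}

# Run "$@" only when the agent holds a key; otherwise print a hint on
# stderr and return non-zero without starting the command.
guarded() {
    case $(agent_key_state) in
        keys)
            "$@" ;;
        empty)
            echo "No key left in the forwarded agent; run ssh-add on your own machine first." >&2
            return 1 ;;
        *)
            echo "No agent reachable from this session; reconnect with agent forwarding." >&2
            return 2 ;;
    esac
}

# Possible use in a jump-host profile:
#   alias ssh='guarded ssh'; alias scp='guarded scp'; alias sftp='guarded sftp'
```

Because the guard returns before the client is started, an expired key produces no failed authentication attempt in the target hosts' logs.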