Exit status on `ssh-add` failure
Damien Miller
djm at mindrot.org
Mon Jun 1 18:35:41 AEST 2026
On Mon, 1 Jun 2026, Wiktor Kwapisiewicz wrote:
> > This is intentional but somewhat legacy, dating from when certificate
> > support
> > was fairly rare in ssh-agent.
>
> Understood. Would it be a good idea to document this behavior somewhere? (e.g.
> in man pages of ssh-add or under EXIT STATUS section). If so, I can send a
> patch (this should be minimal).
maybe it's time to change the behaviour?
diff --git a/ssh-add.c b/ssh-add.c
index 2788f7e..ca5d206 100644
--- a/ssh-add.c
+++ b/ssh-add.c
@@ -398,6 +398,7 @@ add_file(int agent_fd, const char *filename, int key_only, int cert_only,
goto out;
}
+ ret = -1; /* cert errors after here yield a nonzero exit status */
if (!sshkey_equal_public(cert, private)) {
error("Certificate %s does not match private key %s",
certpath, filename);
More information about the openssh-unix-dev
mailing list