Exit status on `ssh-add` failure
Wiktor Kwapisiewicz
wiktor at metacode.biz
Tue Jun 2 18:40:00 AEST 2026
Hi,
On 2.06.2026 01:22, Damien Miller wrote:
> try this
>
> diff --git a/ssh-add.c b/ssh-add.c
> index 2788f7e..410277b 100644
> --- a/ssh-add.c
> +++ b/ssh-add.c
> @@ -392,12 +392,15 @@ add_file(int agent_fd, const char *filename, int key_only, int cert_only,
> /* Now try to add the certificate flavour too */
> xasprintf(&certpath, "%s-cert.pub", filename);
> if ((r = sshkey_load_public(certpath, &cert, NULL)) != 0) {
> - if (r != SSH_ERR_SYSTEM_ERROR || errno != ENOENT)
> + if (r != SSH_ERR_SYSTEM_ERROR || errno != ENOENT) {
> + ret = -1;
> error_r(r, "Failed to load certificate \"%s\"",
> certpath);
> + }
> goto out;
> }
>
> + ret = -1; /* cert errors after here yield a nonzero exit status */
> if (!sshkey_equal_public(cert, private)) {
> error("Certificate %s does not match private key %s",
> certpath, filename);
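Review bot: The unconditional `ret = -1;` placed before the `sshkey_equal_public()` check changes what the return value means: this block runs under "Now try to add the certificate flavour too", so add_file() now reports failure for a certificate problem that comes after the plain key was handled, and a caller can no longer tell "nothing was added" from "key added, certificate rejected". That may well be the intended behaviour, but it should be stated in the function's comment and in the documented exit status of ssh-add. In the load-failure branch, the `ENOENT` case still leaves `ret` untouched, so a missing `-cert.pub` file stays silent and successful. A one-line comment there saying this is deliberate would help the next reader.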
> @@ -429,6 +432,7 @@ add_file(int agent_fd, const char *filename, int key_only, int cert_only,
> goto out;
> }
> /* success */
> + ret = 0;
> if (!qflag) {
> fprintf(stderr, "Certificate added: %s (%s)\n", certpath,
> private->cert->key_id);
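Review bot: The `ret = 0;` under `/* success */` is only correct as the counterpart of the `ret = -1;` set in the previous hunk, and nothing on this line says so. A short comment here, pointing back at the earlier assignment, would keep a later edit from removing one half of the pair. The lines between the two hunks are not shown in the diff, so it is worth confirming that none of them assigns `ret` before a `goto out`, since that would override the failure status this patch relies on.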
Yes, this one works in both cases: returns exit code 1 when cert
addition fails (but the key succeeded) and returns exit code 0 when
everything works fine.
As far as I'm concerned this is fine.
Thank you!
Kind regards,
Wiktor