Hi Eldon, thanks for your answer. Am 5. November 2014 08:37:54 MEZ, schrieb Eldon Koyle <ekoyle@xxxxxxxxx>: >I think perhaps you are misunderstanding the '-c' option of ssh-add. Yeah, perhaps I do. >The -c option is meant as an additional barrier to someone hijacking >your agent (ie. if someone gains access as your user, they will be >unable to use your key if they don't also have access to your X >session). I mostly found this option mentioned in connection with agent forwarding, and that's use case I have. The benefit being that no one can use the 'forwarded' key/identity, unless I confirm it. So me forwarding my identity to a server getting hacked does not compromise security. Of course it's more comfortable if it's a window popping up. But what if the forwarding, safe, machine is a machine without x? Maybe this use case was not intended and thus does not work. Funny, that my first tests with the -c option exactly into that corner case... >One purpose of the ssh agent is to avoid having to type in your >passphrase as often. But why it's just clicking a button enough to confirm the use? I world game thought that each use has to be confirmed by the passphrase. So many questions... ;-) Regards, Johannes -- This mail has been sent from my mobile phone. Please excuse the briefness. This mail is not signed cryptographically. _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
