On 2025-01-12 19:58, Damien Miller wrote:
> On Fri, 10 Jan 2025, Corey Hickey wrote:
>> On 2025-01-10 01:35, Jochen Bern wrote:
>>> On 10.01.25 00:33, Corey Hickey wrote:
>>>> I took the approach of preserving current behavior by default, but
>>>> another approach would be to:
>>>> * print "The agent has no identities." to stderr instead of stdout
>>>> * exit with a status of 0 instead of 1
>>> Please don't. If you want to ever get people to load their privkeys into
>>> the agent *with a limited lifetime*, having a trivial, *universal* way
>>> to check whether they have expired by now is an asset.
>>> workplace$ egrep ' ssh(|add)=' .bashrc
>>> alias sshadd='( echo -n "`tput dim`" ; ssh-add -c -t 1800 ; echo -n "`tput sgr0`" )'
>>> alias ssh='ssh-add -l >/dev/null || sshadd ; ssh'
>> With my patch v2, that would need to be:
>> alias ssh='ssh-add -l | grep -q . || sshadd ; ssh'
>> ...though the message "The agent has no identities." would be printed to
>> stderr, for better or for worse. Perhaps that should require a higher
>> log_level (via -v).
> Are you aware of ssh's AddKeysToAgent option? It seems to already do
> what you're trying to implement here.
I think this could help Jochen's use case, but mine is a bit different.
We have a script to import a privileged key; the script is invoked via
sudo on a shared-login system; after that, users can use the key for a
variety of tasks.
For me, I can continue to use a workaround, or potentially redesign the
whole way we do such things, so I'm not without a working option.
Still, I think the current ssh-add behavior could be improved, and I can
work on that if any such changes would be acceptable. I sent my
understanding of the options available earlier:
Message-ID: <38d76f8e-0744-4bc5-b6e1-db7197e19ad7@xxxxxxxxxx>
Date: Fri, 10 Jan 2025 11:00:41 -0800
Can you please check that? If any of those seem ok, please let me know
and I will follow up.
Thanks,
Corey
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
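A POSIX shell check, added here and not part of the thread, that folds Jochen's "re-add with -c -t 1800 when the agent is empty" alias and Corey's `grep -q .` variant into one function that gives the same answer under the current ssh-add behaviour (exit 1, message on stdout) and under the alternative Corey described (exit 0, message on stderr). It assumes ssh-add exits 2 when no agent is reachable (my reading of ssh-add, not stated in the thread) and takes an optional first argument naming a stand-in for `ssh-add` so the logic can be exercised against stubs without an agent.

```shell
#!/bin/sh
# Added example, not code from the thread or from OpenSSH.
# agent_key_state [CMD]: prints "loaded", "empty" or "no-agent".
# CMD replaces "ssh-add" for the listing call (default: ssh-add), which
# lets the decision logic be tested with constructed stub functions.
agent_key_state() {
    cmd=${1:-ssh-add}
    rc=0
    # Discard stderr: under either behaviour the informational message
    # must not be mistaken for a key line.
    out=$("$cmd" -l 2>/dev/null) || rc=$?
    # Count key lines on stdout, ignoring the "no identities" notice in
    # case a future ssh-add prints it there with exit status 0.
    keys=$(printf '%s\n' "$out" \
        | grep -v '^The agent has no identities\.$' \
        | grep -c .) || true
    if [ "$keys" -gt 0 ]; then
        echo loaded
    elif [ "$rc" -eq 0 ] || [ "$rc" -eq 1 ]; then
        # Exit 1 (current) or exit 0 with nothing listed (proposed): the
        # agent answered but holds no identities.
        echo empty
    else
        # Assumption: ssh-add exits 2 when it cannot reach an agent.
        echo no-agent
    fi
}

# Load the key only when the agent is empty, asking for confirmation on
# each use (-c) and expiring it after 30 minutes (-t 1800), as in
# Jochen's sshadd alias. Refuses to continue without an agent.
ensure_key_loaded() {
    case "$(agent_key_state "$1")" in
        loaded)   return 0 ;;
        empty)    ssh-add -c -t 1800 ;;
        no-agent) echo "ssh-agent not reachable" >&2; return 2 ;;
    esac
}
```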