Re: [PATCH] ssh-add: support parser-friendly operation

On 13.01.25 04:58, Damien Miller wrote:
> On Fri, 10 Jan 2025, Corey Hickey wrote:
>> On 2025-01-10 01:35, Jochen Bern wrote:
>>> workplace$ egrep ' ssh(|add)=' .bashrc
>>> alias sshadd='( echo -n "`tput dim`" ; ssh-add -c -t 1800 ; echo -n "`tput sgr0`" )'
>>> alias ssh='ssh-add -l >/dev/null || sshadd ; ssh'
>>
>> With my patch v2, that would need to be:
>> alias ssh='ssh-add -l | grep -q . || sshadd ; ssh'
>
> Are you aware of ssh's AddKeysToAgent option? It seems to already do
> what you're trying to implement here.

It seems¹ to do the trick on my workplace machine, and probably² would do it for other users, too, thanks. What it can *not* cover, however, is my other example from our jump hosts³.

¹ As far as I can tell from the manpage and a short web trawl. In particular, I'm still unclear how it handles the case of an *already*-loaded privkey: Do nothing? Restart key's lifetime? Reload anyway (though *that*, by requiring passphrase entry, would make it rather useless, I guess)?

² I'm using almost *exclusively* a set of few "main" user keypairs, that may not be true with other users here. The web search suggests that I can control what keys AddKeysToAgent will try to load with IdentityFile? Or would it try to load from the default filenames as well?

³ In a nutshell, "if the forwarded agent does not have a key (anymore, due to limited lifetime), do *not* exec() the ssh/scp/sftp he typed and instead output a message that he should (re)load some *back on his own machine* first". Saves time, and false alerts in the logs ...

Kind regards,
--
Jochen Bern
Systemingenieur

Binect GmbH


_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
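
The jump-host check described in footnote ³ above, as an added example that is not part of the original message or of OpenSSH. `SSH_ADD`, `agent_state` and `guarded` are hypothetical names; the empty-output case assumes, from the `grep -q .` alias quoted in the thread, that patch v2 makes `ssh-add -l` exit 0 and print nothing on an empty agent.

```shell
#!/bin/sh
# Added example (not from the thread): refuse to start ssh/scp/sftp on a jump
# host when the forwarded agent holds no usable key.
# SSH_ADD is a hypothetical override so the check can be exercised without an agent.
: "${SSH_ADD:=ssh-add}"

# Print the agent's state: loaded, empty or unreachable.
# Stock ssh-add -l exits 0 with keys, 1 with none, 2 if no agent is reachable.
# Assumption drawn from the thread: with patch v2 an empty agent exits 0 and
# prints nothing, so empty output is also treated as "empty".
agent_state() {
    out=$($SSH_ADD -l 2>/dev/null) && rc=0 || rc=$?
    if [ "$rc" -ne 0 ] && [ "$rc" -ne 1 ]; then
        echo unreachable
    elif [ "$rc" -eq 0 ] && [ -n "$out" ]; then
        echo loaded
    else
        echo empty
    fi
}

# Run the given command only if the agent has at least one key.
guarded() {
    case $(agent_state) in
        loaded)
            "$@" ;;
        empty)
            echo "No key in the forwarded agent; reload one on your own machine first." >&2
            return 1 ;;
        *)
            echo "No agent reachable; reconnect with agent forwarding enabled." >&2
            return 2 ;;
    esac
}

# Wrappers for interactive use; "command" bypasses the function itself.
ssh()  { guarded command ssh  "$@"; }
scp()  { guarded command scp  "$@"; }
sftp() { guarded command sftp "$@"; }
```

Sourced from a jump host's shell profile, the wrappers stop the client before it attempts an authentication that would only fail and be logged.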
