On Tue, Nov 20, 2007 at 07:01:21PM +0000, Christopher Key wrote:
> I've created a Bash solution for now,
>
> alias ssh="ssh-add -l >/dev/null; if [ \$? = 1 ]; then ssh-add; fi; ssh"
>
> hardly elegant, but it does the job. I'm not aware of any technical
> reason why ssh-add couldn't defer requesting a password until it's
> required.

This is technically infeasible, if not impossible. ssh-add needs to ask you for your passphrase. A process can't run in the background if it needs to ask the user for input... It needs to run in the foreground until it does this, and it needs to stay connected to your terminal so it can ask you for it -- it would tie up your terminal until it determined it needed your passphrase. If you put this in your .profile or whatever other login file, you would never get a shell prompt until you typed your passphrase. I suppose if you were in X it could conceivably spawn an X client to pop up a dialog to ask you for the passphrase, but that could only work in X.

Also, how would ssh know if you didn't have a key for this connection, or if you just hadn't yet typed your passphrase? If the user had a long passphrase, and made several mistakes typing it, the ssh connection could time out before you got it right.

Even if it's technically possible, it's really gross. And for what benefit? So you can delay typing your passphrase, which you're going to need to type eventually anyway? It seems to me trying to hack this in is totally not worth it. If you want to delay, just don't run ssh-add until you need to ssh... The requirements of this feature are ridiculously complex, all to avoid having to type 7 characters (i.e. by putting ssh-add in your .profile instead of just typing it when you know you're going to need it).

-- 
Derek D. Martin http://www.pizzashack.org/
GPG Key ID: 0x81CFE75D
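
The alias quoted in this message reacts only to exit status 1 from `ssh-add -l` (agent reachable but holding no identities); status 2 means the agent could not be contacted at all. The following is an added example, not code from either poster: a shell-function version that separates the two cases and prompts for the passphrase only when a terminal is attached. The names `agent_state`, `ssh_lazy`, `SSH_ADD_BIN` and `SSH_BIN` are hypothetical.

```shell
# Added example; source this file from an interactive shell.
# SSH_ADD_BIN / SSH_BIN are hypothetical overrides so the logic can be
# exercised without a real agent.
: "${SSH_ADD_BIN:=ssh-add}"
: "${SSH_BIN:=ssh}"

# Map the exit status of `ssh-add -l` to a word:
#   0 -> loaded       (agent holds at least one identity)
#   1 -> empty        (agent reachable, no identities)
#   2 -> unreachable  (no agent could be contacted)
agent_state() {
    rc=0
    "$SSH_ADD_BIN" -l >/dev/null 2>&1 || rc=$?
    case $rc in
        0) echo loaded ;;
        1) echo empty ;;
        *) echo unreachable ;;
    esac
}

# Load keys on first use, then hand all arguments to ssh unchanged.
ssh_lazy() {
    case $(agent_state) in
        loaded) ;;
        empty)
            # ssh-add must own the terminal to read the passphrase, so
            # skip the prompt in scripts, cron jobs and pipelines.
            if [ -t 0 ]; then
                "$SSH_ADD_BIN" || return 1
            else
                echo "ssh_lazy: no tty, not prompting for passphrase" >&2
            fi
            ;;
        unreachable)
            # Running ssh-add here would only fail; ssh falls back to
            # its other authentication methods.
            echo "ssh_lazy: no ssh-agent reachable (check SSH_AUTH_SOCK)" >&2
            ;;
    esac
    "$SSH_BIN" "$@"
}
```

Unlike an alias named `ssh`, a separately named function leaves plain `ssh` untouched for scripts and for tools that invoke it directly.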