Re: Deferring passphrase entry with ssh-add



I also use this a lot and would be interested in a solution to this.

To my knowledge it requires the password when invoked initially to decrypt the private key.

There seems to be every option except the one you've asked for. Alternatives could be to lock and unlock your agent to prevent unattended logins, but this is nearly as much hassle as not using the agent at all and manually entering the password to decrypt the private key on every use...

Or to require a lifetime on the key loaded, but again, not 100% convenient.

If anyone knows an answer to this, I'd also like to change my agent behaviour to this... I suspect that the software does not support such a feature at this time...

As a workaround, you could function off all ssh calls to invoke the agent, check if it has your key and if not, then source it, asking you for the password one time, and then retaining it and using it for every future connection. Now I think about this, it's very easy to do in Bash....

-h

Hari Sekhon



Christopher Key wrote:
Hello,

Is there any way to invoke ssh-add so that it defers asking for the passphrase for my private key until the key is actually required? It seems like such an obvious option to have; it would permit me to have "eval $(ssh-agent) && ssh-add" in my .shrc, but not encumber me with having to enter a passphrase every time I ssh in, nor would it prevent unattended logins. Am I missing something obvious in the way the system is meant to work? Am I just being lazy in not wanting to run ssh-add before the first time I use ssh?

This question applies to two versions,
OpenSSH_4.4p1, OpenSSL 0.9.8d 28 Sep 2006
OpenSSH_4.5p1 FreeBSD-20061110, OpenSSL 0.9.7e-p1 25 Oct 2004
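
The workaround described in the reply above (wrap `ssh` in a shell function that checks the agent and only runs `ssh-add` when the key is missing), as an added example that is not part of the original thread. `KEY`, `KEY_LIFETIME` and `ensure_key` are hypothetical names, and the key path is an assumption.

```bash
# Added example (not from the thread). KEY, KEY_LIFETIME and ensure_key are
# hypothetical names; adjust KEY to your own private key path.
KEY="${KEY:-$HOME/.ssh/id_rsa}"
KEY_LIFETIME="${KEY_LIFETIME:-}"   # seconds for ssh-add -t; empty = no expiry

# Make sure an agent is reachable and holds $KEY, prompting only if it does not.
ensure_key() {
    local listing blob rc=0

    # ssh-add -L prints loaded public keys; exit 1 = none, 2 = no agent.
    listing=$(ssh-add -L 2>/dev/null) || rc=$?
    if [ "$rc" -eq 2 ]; then
        # No reachable agent: start one for this shell and its children.
        eval "$(ssh-agent -s)" >/dev/null || return 1
        listing=""
    fi

    # Match on the base64 key blob (field 2 of the .pub file), so another
    # identity already in the agent is not mistaken for this one.
    blob=$(cut -d' ' -f2 "$KEY.pub" 2>/dev/null) || return 1
    [ -n "$blob" ] || return 1
    case "$listing" in
        *"$blob"*) return 0 ;;
    esac

    # First use: this is the only point where the passphrase is requested.
    ssh-add ${KEY_LIFETIME:+-t "$KEY_LIFETIME"} "$KEY"
}

# Shadow ssh so the check runs before every connection.
ssh() {
    ensure_key || return 1
    command ssh "$@"
}
```

Setting `KEY_LIFETIME` combines this with the key-lifetime alternative mentioned in the reply. OpenSSH 7.2 and later also provide the `AddKeysToAgent` client option, which adds a key to the agent the first time it is used.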



