Package: keychain
Version: 2.5.1-1
Severity: wishlist
Tags: patch
Hi,
I usually invoke ssh-add with the -c flag so that I have to confirm each
use of the key.
Having recently discovered keychain, I'd like to keep the old behaviour,
but I can't see an easy way to pass this flag along. (I can't even place
a dummy ssh-add script in my ~/bin to insert the -c option since
keychain reorders $PATH to search the system directories first...
sensible but annoying.)
So here's a patch to add a --confirm flag to keychain which has the
desired effect. (I've not patched the man page because I'm too lazy. :)
Cheers,
/Liyang
BEGIN PATCH
--- /usr/bin/keychain 2005-01-17 20:09:37.000000000 +0000
+++ keychain 2005-02-22 04:43:01.000000000 +0000
@@ -26,6 +26,7 @@
sunssh=unknown
quickopt=false
quietopt=false
+confirmopt=false
clearopt=false
inheritwhich=local-once
unset stopwhich
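Review bot: confirmopt gets a default here, but ssh_confirm does not. The later hunk assigns ssh_confirm only inside "if $confirmopt", and the last hunk expands ${ssh_confirm} unquoted on the ssh-add command line. Without --confirm, any ssh_confirm value inherited from the caller's environment would be passed to ssh-add as extra arguments. Add ssh_confirm= (or unset ssh_confirm) next to this default.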
@@ -105,6 +106,11 @@
${GREEN}--attempts${OFF} ${CYAN}num${OFF}
Try num times to add keys before giving up. The default is 1.
+ ${GREEN}--confirm${OFF}
+ Indicates that added identities should be subject to confirmation by
+ the SSH_ASKPASS program before being used for authentication. (Only
+ tested with OpenSSH. See the \`-c' option for ssh-add(1).)
+
${GREEN}--clear${OFF}
Delete all of ssh-agent's keys. Typically this is used in
.bash_profile. The theory behind this is that keychain should assume
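Review bot: This --confirm help entry is the only documentation in the patch, which touches just the keychain script, so the man page still needs a matching entry. The parenthetical "Only tested with OpenSSH" also disagrees in tone with the runtime message "--confirm only(?) works with OpenSSH" added further down. Pick one definite statement of which ssh-add implementations are supported and use it in both places.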
@@ -1097,6 +1103,9 @@
*) keydir="$1/.keychain" ;; # be backward-compatible
esac
;;
+ --confirm)
+ confirmopt=true
+ ;;
--clear)
clearopt=true
$quickopt && die "--quick and --clear are not compatible"
@@ -1294,6 +1303,13 @@
ssh_timeout="-t $ssh_timeout"
fi
+# --confirm: added identities should be subject to confirmation before being
+# used for authentication.
+if $confirmopt; then
+ ssh_confirm="-c"
+ $openssh || warn "--confirm only(?) works with OpenSSH"
+fi
+
# --clear: remove all keys from the agent(s)
if $clearopt; then
for a in ${agentsopt}; do
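Review bot: ssh_confirm="-c" is assigned before the $openssh test, so with a non-OpenSSH ssh-add the script warns and then passes -c anyway, where the flag may be rejected or mean something different. Assign ssh_confirm only when $openssh is true, or use die instead of warn, so that a user who asked for confirmation does not silently get keys loaded without it. The "only(?)" in the message should be resolved to a definite statement.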
@@ -1345,9 +1361,9 @@
if $noguiopt || [ -z "$SSH_ASKPASS" -o -z "$DISPLAY" ]; then
unset SSH_ASKPASS # make sure ssh-add doesn't try SSH_ASKPASS
- sshout=`ssh-add ${ssh_timeout} "$@"`
+ sshout=`ssh-add ${ssh_timeout} ${ssh_confirm} "$@"`
else
- sshout=`ssh-add ${ssh_timeout} "$@" </dev/null`
+ sshout=`ssh-add ${ssh_timeout} ${ssh_confirm} "$@" </dev/null`
fi
[ $? = 0 ] && break
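Review bot: In the first branch, taken when $noguiopt is set or SSH_ASKPASS or DISPLAY is empty, ${ssh_confirm} is still passed to ssh-add right after "unset SSH_ASKPASS". The help text added by this patch says confirmation goes through the SSH_ASKPASS program, so a key added with -c on this path may have no way to prompt, and each later use could be refused. Suggest a warn or die when --confirm is combined with this branch, so the user learns about it at add time and not at first authentication.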
END PATCH
-- System Information:
Debian Release: 3.0
Architecture: i386
Kernel: Linux portal 2.4.24 #1 Mon Feb 9 22:57:26 GMT 2004 i686
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8