On Tue, Apr 07, 2020 at 12:48:34PM -0000, Stuart Henderson wrote:
| > After a discussion at work, I started looking at enabling confirmation
| > before authentication through ssh-agent by default. When logging in
| > through xdm, the default Xsession runs `ssh-add < /dev/null` (see line
| > 36 in /etc/X11/xdm/Xsession). My keys are loaded and I can log in to
| > remote hosts. On some machines, I skip loading the keys or unload
| > them after logging in and then load or re-add them using ssh-add -c,
| > so I am asked for confirmation every time the agent is used.
|
| ITYM /etc/X11/xenodm/Xsession :-)

Yeah, was pointed out to me offline as well; finger memory, sorry!

| I had a similar problem (I wanted some extra keys added by default).
| Xsession is in the xetc set, so it can be modified without being
| overwritten in a standard upgrade, you just need to sysmerge it
| sometimes.

Hmm, that's an excellent point; I'll do that.

| I have a different related problem as well, I would like to add *some*
| keys with -c and others without (i.e. confirm for connecting to more
| important hosts), but don't really want to have to run ssh-add twice
| (i.e. ask for the passphrase twice).

Actually, that would be even nicer. I guess that would mean an option
on the actual key file (the *private* part).

Anyway, your suggestion of "sucking it up" during sysmerge time
(which, in the case of the system Xsession file, doesn't change often
anyway) works for my most prominent use cases .. thank you for the
clue-by-four.

Cheers,
Paul
--
>++++++++[<++++++++++>-]<+++++++.>+++[<------>-]<.>+++[<+
+++++++++++>-]<.>++[<------------>-]<+.--------------.[-]
http://www.weirdnet.nl/