Hari Sekhon wrote:
I also use this a lot and would be interested in a solution to this.
To my knowledge it requires the password when invoked initially to
decrypt the private key.
There seems to be every option except that one you've asked for.
Alternatives could be to lock and unlock your agent to prevent
unattended logins, but this is nearly as much hassle as not using the
agent at all and manually entering the password to decrypt the private
key on every use...
Or to require a lifetime on the key loaded, but again, not 100%
convenient.
If anyone knows an answer to this, I'd also like to change my agent
behaviour to this... I suspect that the software does not support such
a feature at this time...
As a workaround, you could function off all ssh calls to invoke the
agent, check if it has your key and if not, then source it, asking you
for the password one time, and then retaining it and using it for
every future connection. Now I think about this, it's very easy to do
in Bash....
-h
Hari Sekhon
I've created a Bash solution for now,
alias ssh="ssh-add -l >/dev/null; if [ \$? = 1 ]; then ssh-add; fi; ssh"
hardly elegant, but it does the job. I'm not aware of any technical
reason why ssh-add couldn't defer requesting a password until it's
required. If you use ssh without an agent, it only prompts for the
passphrase once it's established that it can use the key to authenticate
itself. Looking at the relevant RFC this is by design, so that the
client only incurs the overheads of authenticating with a key if it
knows it can use it. Perhaps the limitation is in the way that ssh
communicates with the agent.
Chris
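
An expanded form of the alias above, as an added example that is not part of the original messages: it distinguishes the three exit statuses of ssh-add -l (0 = identities loaded, 1 = agent empty, 2 = agent unreachable) and loads the key with a lifetime, as suggested earlier in the thread. The names agent_action, ssh_lazy and KEY_LIFETIME are hypothetical.

```shell
#!/bin/sh
# Added example: load the key into ssh-agent only when ssh is first used.
# agent_action, ssh_lazy and KEY_LIFETIME are hypothetical names.

# Seconds the decrypted key stays in the agent (assumed default: one hour).
KEY_LIFETIME="${KEY_LIFETIME:-3600}"

# Map the exit status of `ssh-add -l` to an action.
#   0 = agent holds at least one identity
#   1 = agent is reachable but holds no identities
#   2 = agent cannot be contacted
agent_action() {
    case "$1" in
        0) echo use ;;
        1) echo load ;;
        2) echo no-agent ;;
        *) echo unknown ;;
    esac
}

ssh_lazy() {
    # Capture the status without tripping `set -e` in a calling script.
    rc=0
    ssh-add -l >/dev/null 2>&1 || rc=$?

    case "$(agent_action "$rc")" in
        load)
            # Prompt for the passphrase once; -t makes the agent drop the
            # key again after KEY_LIFETIME seconds.
            ssh-add -t "$KEY_LIFETIME" || return 1
            ;;
        no-agent)
            # The original alias silently ignored this case.
            echo "ssh_lazy: no agent reachable, ssh will prompt itself" >&2
            ;;
    esac

    # `command` bypasses any alias or function that is also named ssh.
    command ssh "$@"
}
```

OpenSSH 7.2 and later also offer the AddKeysToAgent client option in ssh_config, which adds a key to a running agent the first time ssh uses it.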