When I first ssh to a system, I am asked for the password to unlock the private key file. Thereafter, that key file remains unlocked, and subsequent ssh sessions will not prompt for a password. I can always re-lock the key file by running "ssh-add -D". In a script I have that runs sshfs to mount a remote directory, I want to re-lock that key file _unless_ it was already unlocked, i.e., if sshfs asks for a password, I want to re-lock the key file immediately after the command is run.

How can I determine ahead of time whether the key file is already unlocked? In the past (CentOS 6) I could examine the output from "ssh-add -l" to determine that. Now, "ssh-add -l" just shows the public key whether or not the private key has been unlocked. There is also no apparent way to see whether or not sshfs asked for a password.

Suggestions?

--
Bob Nichols     "NOSPAM" is really part of my email address.
                Do NOT delete it.

On 07.01.22 at 23:35, Robert Nichols wrote:
> When I first ssh to a system, I am asked for the password to unlock
> the private key file. Thereafter, that key file remains unlocked, and
> subsequent ssh sessions will not prompt for a password. I can always
> re-lock the key file by running "ssh-add -D". In a script I have that
> runs sshfs to mount a remote directory, I want to re-lock that key
> file _unless_ it was already unlocked, i.e., if sshfs asks for a
> password, I want to re-lock the key file immediately after the command
> is run.
>
> How can I determine ahead of time whether the key file is already
> unlocked? In the past (CentOS 6) I could examine the output from
> "ssh-add -l" to determine that. Now, "ssh-add -l" just shows the public
> key whether or not the private key has been unlocked. There is also no
> apparent way to see whether or not sshfs asked for a password.
>
> Suggestions?
>

Look at ssh-add -T <pubkey-file>. This will test if the private key for the given public key is available through the agent.
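
The check suggested in the reply, worked into the sshfs script scenario from the question, as an added example that is not part of the thread. It assumes that "ssh-add -T" exits non-zero without prompting while the key is still locked (this depends on the agent in use); the key path, remote spec and mount point are placeholders, and the SSH_ADD / SSHFS override variables are hypothetical names introduced here.

```shell
#!/bin/sh
# Added example; paths, host and override variables are assumptions.
SSH_ADD=${SSH_ADD:-ssh-add}   # overridable so the logic can be tested
SSHFS=${SSHFS:-sshfs}

# Return 0 if the agent can already sign with the private key for pubkey $1.
key_unlocked() {
    "$SSH_ADD" -T "$1" >/dev/null 2>&1
}

# mount_and_relock PUBKEY REMOTE MOUNTPOINT
# Runs sshfs, then "ssh-add -D" only if the key was not usable beforehand.
# Returns 2 for an unreadable public key file, otherwise sshfs's exit status.
mount_and_relock() {
    pubkey=$1
    remote=$2
    mountpoint=$3
    if [ ! -r "$pubkey" ]; then
        echo "public key file not readable: $pubkey" >&2
        return 2
    fi
    if key_unlocked "$pubkey"; then
        was_unlocked=yes
    else
        was_unlocked=no
    fi
    mount_rc=0
    "$SSHFS" "$remote" "$mountpoint" || mount_rc=$?
    # Re-lock even if sshfs failed: the password prompt may have unlocked
    # the key before the mount itself went wrong.
    if [ "$was_unlocked" = no ]; then
        "$SSH_ADD" -D >/dev/null 2>&1 || echo "ssh-add -D failed" >&2
    fi
    return "$mount_rc"
}

# Constructed usage: script.sh ~/.ssh/id_ed25519.pub user@host:/dir /mnt/remote
if [ "$#" -eq 3 ]; then
    mount_and_relock "$@"
fi
```

"ssh-add -D" removes every identity from the agent, not only this key; "ssh-add -d <pubkey-file>" removes just the one.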