bugzilla-daemon at mindrot.org
2024-Jul-22 10:13 UTC
[Bug 3712] New: ssh-add should respect AddKeysToAgent default in ~/.ssh/config
https://bugzilla.mindrot.org/show_bug.cgi?id=3712

            Bug ID: 3712
           Summary: ssh-add should respect AddKeysToAgent default in ~/.ssh/config
           Product: Portable OpenSSH
           Version: 9.8p1
          Hardware: 68k
                OS: Mac OS X
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: ssh-add
          Assignee: unassigned-bugs at mindrot.org
          Reporter: gray at nxg.name

The option -t tells ssh-add to add keys with a given lifetime. The AddKeysToAgent option, described in ssh_config(5), does the same general thing. One of the places that option is useful would be in setting a (lower-than-standard) default lifetime for keys added interactively.

However ssh-add appears _not_ to consult ~/.ssh/config (ssh-add(1) doesn't claim it does, and experimentally, setting this option there has no effect on the lifetime of keys added to the agent). Thus, there appears to be no way of setting a lower-than-stock lifetime for ssh-add, other than giving the -t option each time.

I suggest that it would be useful for ssh-add to consult this configuration file, and respect this option. If only on a Principle Of Least Astonishment.

I've reported this against the most recent OpenSSH version, but only directly confirmed it using OpenSSH_9.0p1 on macOS. Tracing ssh-add from OpenSSH_9.5p1 on current FreeBSD, it doesn't seem to look for ~/.ssh/config. Finally, examining <https://man.openbsd.org/ssh-add>, there is no mention of ~/.ssh/config in the FILES section of the most up-to-date manpage.

--
You are receiving this mail because:
You are watching the assignee of the bug.

bugzilla-daemon at mindrot.org
2024-Aug-19 01:48 UTC
[Bug 3712] ssh-add should respect AddKeysToAgent default in ~/.ssh/config
https://bugzilla.mindrot.org/show_bug.cgi?id=3712

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
                 CC|                            |djm at mindrot.org
         Resolution|---                         |WONTFIX

--- Comment #1 from Damien Miller <djm at mindrot.org> ---
We don't have any desire to make ssh-add read ~/.ssh/config - that configuration file is for a different tool and AddKeysToAgent is an even more specialised option, so having ssh-add change its behaviour based on that would be IMO greatly surprising.

OTOH ssh-agent already has a flag to set a default key lifetime (-t), I recommend you consider that.

--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

Apparently Analogous Threads
- [Bug 2670] New: Add ssh_config option that sets the lifetime of the key if added via AddKeysToAgent
- [Bug 2564] New: ssh_config AddKeysToAgent doesn't set key name/path
- [Bug 2620] New: Option AddKeysToAgent doesnt work with keys provided by PKCS11 libraries.
- AddKeysToAgent break local forwarding (and possibly more)
- Accessing SSH key path using SSH_ASKPASS and passwordstore