Hi, first let me thank you all for writing and maintainig OpenSSH. Working with Linux for almost 20 years, my life would be totally different without OpenSSH. And it wouldn't be any better. I have recently experimented with ssh-add -c -t and AddKeysToAgent to reduce attack vectors against my ssh-agent connections. While this seems to me generally useable, having a graphical ssh-askpass pop up so often has been proven to be generally annoying. Additionally, I frequently ssh to another host with AgentForwarding and X11 Forwarding disabled, start another agent there, load a key there and ssh to a second host. That way, the second ssh-agent doesn't have a display to invoke ssh-askpass. Is there a way to have a non-graphical ssh-askpass on the terminal, even if that means to have the ssh-client that was just invoked prompt for confirmation like it does for the passphrase with AddKeysToAgent enabled? Also, how about allowing wildcards in IdentityFile, therefore allowing things like IdentityFile %d/.ssh/id_* ? Greetings Marc -- ----------------------------------------------------------------------------- Marc Haber | "I don't trust Computers. They | Mailadresse im Header Leimen, Germany | lose things." Winona Ryder | Fon: *49 6224 1600402 Nordisch by Nature | How to make an American Quilt | Fax: *49 6224 1600421