Displaying 20 results from an estimated 34 matches for "addkeystoag".
2017 Jan 27
7
[Bug 2670] New: Add ssh_config option that sets the lifetime of the key if added via AddKeysToAgent
https://bugzilla.mindrot.org/show_bug.cgi?id=2670
Bug ID: 2670
Summary: Add ssh_config option that sets the lifetime of the
key if added via AddKeysToAgent
Product: Portable OpenSSH
Version: 7.2p2
Hardware: amd64
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh
Assignee: unassigned-bugs at mindrot.org
Reporter: dereks at...
2024 Jul 22
1
[Bug 3712] New: ssh-add should respect AddKeysToAgent default in ~/.ssh/config
https://bugzilla.mindrot.org/show_bug.cgi?id=3712
Bug ID: 3712
Summary: ssh-add should respect AddKeysToAgent default in
~/.ssh/config
Product: Portable OpenSSH
Version: 9.8p1
Hardware: 68k
OS: Mac OS X
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh-add
Assignee: unassign...
2016 Apr 17
6
[Bug 2564] New: ssh_config AddKeysToAgent doesn't set key name/path
https://bugzilla.mindrot.org/show_bug.cgi?id=2564
Bug ID: 2564
Summary: ssh_config AddKeysToAgent doesn't set key name/path
Product: Portable OpenSSH
Version: 7.2p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh
Assignee: unassigned-bugs at mindrot.o...
2016 Oct 03
6
[Bug 2620] New: Option AddKeysToAgent doesnt work with keys provided by PKCS11 libraries.
https://bugzilla.mindrot.org/show_bug.cgi?id=2620
Bug ID: 2620
Summary: Option AddKeysToAgent doesnt work with keys provided
by PKCS11 libraries.
Product: Portable OpenSSH
Version: 7.3p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh-agent...
2015 Nov 18
3
AddKeysToAgent break local forwarding (and possibly more)
...ssibly more). Looks like the
option is ignored completely. I bisected the issue and found this commit to be
the culprit:
commit f361df474c49a097bfcf16d1b7b5c36fcd844b4b
Author: jcs at openbsd.org <jcs at openbsd.org>
Date: Sun Nov 15 22:26:49 2015 +0000
upstream commit
Add an AddKeysToAgent client option which can be set to
'yes', 'no', 'ask', or 'confirm', and defaults to 'no'. When enabled, a
private key that is used during authentication will be added to
ssh-agent if it is running (with confirmation enabled if set to
...
2020 Oct 06
2
Accessing SSH key path using SSH_ASKPASS and passwordstore
Hello,
With the introduction of SSH_ASKPASS_REQUIRE in version 8.4, I've set
up a script for SSH_ASKPASS to query my local passwordstore
(https://www.passwordstore.org/) vault to retrieve the password for a
given key. This works for ssh-add as well as ssh (configured with
AddKeysToAgent set to 'yes'). My workflow effectively transforms into
entering the password for the GPG key used to encrypt my vault for any
given key. It works especially well now that I don't have to alter
DISPLAY and confuse gpg's pin input inference. Thanks for that
enhancement!
The tricky...
2025 Jan 13
2
[PATCH] ssh-add: support parser-friendly operation
...e:
>
> > alias ssh='ssh-add -l | grep -q . || sshadd ; ssh'
>
> ...though the message "The agent has no identities." would be printed to
> stderr, for better or for worse. Perhaps that should require a higher
> log_level (via -v).
Are you aware of ssh's AddKeysToAgent option? It seems to already do
what you're trying to implement here.
-d
2024 Jun 05
1
Can one set an agent timeout for a specific host?
...Wed, 5 Jun 2024 at 22:20, Chris Green <cl at isbd.net> wrote:
> If I set a timeout for a specific host's key does it set the timeout
> for just that key/host?
[...]
> Host backup
> IdentityFile ~/.ssh/backup_id_rsa
> IdentityAgent 600
I think you meant AddKeysToAgent?
> Will it just time out the key saved for backup and leave any other
> keys with the default no timeout?
Yes this will only affect the key added when connecting to this host.
--
Darren Tucker (dtucker at dtucker.net)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6F...
2019 Apr 02
2
IdentityFile vs IdentitiesOnly
...(as in the example) *imply*
>> IdentitiesOnly?
>
> Probably not. What version are you using? Is this key in the agent
> or do you need to supply a passphrase?
>
My client is 7.4 or newer, but the peers might be many years old.
The oldest I found was version 6.0 on AIX.
"AddKeysToAgent yes" is set.
> For recent versions each key has an annotation that says whether or
> not the key file was supplied by the user (ie either in the config
> file or on the command line). It should prefer keys that were both
> specified in the config *and* in the agent, and it sho...
2020 Oct 04
6
ability to select which identity to forward when using "ForwardAgent" ?
Hi,
I usually have around 10 identities loaded in my local ssh-agent and when I
use the "ForwardAgent" option all of them are forwarded to the remote server,
which is not ideal. I usually only need to forward one (or two) of the
identities and I would like to be able to choose which one(s) to forward.
Looking for solutions it seems that the only option is to create a new
ssh-agent, add
2024 Dec 06
0
[Bug 2587] Add option so ssh-agent will always ask for a passphrase
...s|NEW |RESOLVED
Resolution|--- |FIXED
CC| |djm at mindrot.org
--- Comment #1 from Damien Miller <djm at mindrot.org> ---
It's been possible to specify a lifetime for keys added to an agent via
AddKeysToAgent for a few releases now. Between this and the timeout
options in ssh-add and ssh-agent, I think you can achieve what you're
asking for
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
2025 Jan 28
1
ControlPath and differing ssh options?
If one wants to go this way, then I just discovered Tags
it should work like this (I haven't tested it and never used tags)
Match tagged FA
ForwardAgent yes
ControlPath ~/.ssh/controlmaster-%r@%h-%p-forwardagent
ControlMaster off
...
and then to have a session with forwarding:
ssh -P FA user@host
But I still think we should be able to setup ssh to just do the right thing if the
2010 Jan 19
1
[Bug 1699] New: [patch] Enhance SSH to automatically add keys to ssh-agent
...'s possible to hack around this annoyance, but such hacks are
inevitably brittle. OpenSSH should just quietly do the right thing,
as it does in other cases.
Please find included a patch (against OpenBSD's OpenSSH) to fix this.
By way of specification, I'll quote ssh_config(5):
AddKeysToAgent
Specifies whether keys should be automatically added to
ssh-agent(5) (if running). If this option is set to ``yes'' and a key
is loaded from a file, this key and all keys with either the same or an
empty passphrase are added to the agent (with the default lifetime), as
if b...
2013 Dec 28
2
[Bug 2191] New: Feature Proposal: Add an identity to the agent automatically when loading the identity
https://bugzilla.mindrot.org/show_bug.cgi?id=2191
Bug ID: 2191
Summary: Feature Proposal: Add an identity to the agent
automatically when loading the identity
Product: Portable OpenSSH
Version: 6.4p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
2024 Jun 05
2
Can one set an agent timeout for a specific host?
If I set a timeout for a specific host's key does it set the timeout
for just that key/host?
I.e. if I do something like in ~/.ssh/config:-
#
#
# backup, use public-key authentication
#
Host backup
IdentityFile ~/.ssh/backup_id_rsa
IdentityAgent 600
Will it just time out the key saved for backup and leave any other
keys with the default no timeout?
--
2019 Apr 01
2
IdentityFile vs IdentitiesOnly
Hi folks,
I've got a moderate number of keys in my ssh config file.
Problem: Very often I get an error message like
Received disconnect from 2001:db8::8077 port 999:2: Too many authentication failures
Authentication failed.
AFAIU the ssh-agent is to blame here, trying out all keys
he has ever seen. This conflicts with MaxAuthTries 6, set by
default on the peer.
The solution seems to be to
2023 May 14
18
[Bug 3572] New: ssh-agent refused operation when using FIDO2 with -O verify-required
...ration
debug1: No more authentication methods to try.
root@testhost: Permission denied (publickey)
To reproduce:
1. ssh-keygen -t ed25519-sk -O application=ssh:mytestkey -O
verify-required
2. copy public key to authorized_keys
3. login: ssh -i ~/.ssh/id_ed25519_sk root@testhost (config has
AddKeysToAgent yes)
4. exit ssh shell
5. login again
When using Fido2 keys generated without -O verify-required, ssh-agent
works as expected, asking only for touch verification when the local
passphrase has been cached.
Expected behavior:
ssh-agent should ask for the Fido2 device Pin to be entered when...
2020 Oct 06
5
[Bug 3220] New: Possible bug if ControlMaster + ControlPersist and `-t`
...: mikko.rantalainen at peda.net
Steps to reproduce:
$ cat ~/.ssh/config
ControlMaster auto
ControlPath ~/.ssh/connections/%r@%h:%p
ControlPersist 1
Host workstation
HostName remote.example.com
HostKeyAlias workstation
ForwardX11 yes
ForwardX11Timeout 10h
AddKeysToAgent yes
ForwardAgent yes
With two local terminal sessions A and B.
A: ssh workstation
B: ssh workstation
A: logout
The ssh connection to workstation is immediately completed but stderr
gets an extra message
Shared connection to remote.example.com closed.
This is problematic for two re...
2019 Oct 09
52
[Bug 3079] New: Tracking bug for 8.2 release
https://bugzilla.mindrot.org/show_bug.cgi?id=3079
Bug ID: 3079
Summary: Tracking bug for 8.2 release
Product: Portable OpenSSH
Version: -current
Hardware: Other
OS: All
Status: NEW
Keywords: meta
Severity: enhancement
Priority: P5
Component: Miscellaneous
Assignee:
2016 Feb 29
0
Announce: OpenSSH 7.2 released
...xing is now enabled by default (previous
releases enabled it for new installations via sshd_config).
New Features
------------
* all: add support for RSA signatures using SHA-256/512 hash
algorithms based on draft-rsa-dsa-sha2-256-03.txt and
draft-ssh-ext-info-04.txt.
* ssh(1): Add an AddKeysToAgent client option which can be set to
'yes', 'no', 'ask', or 'confirm', and defaults to 'no'. When
enabled, a private key that is used during authentication will be
added to ssh-agent if it is running (with confirmation enabled if
set to 'conf...