Displaying 20 results from an estimated 31 matches for "addkeystoagent".
2017 Jan 27
7
[Bug 2670] New: Add ssh_config option that sets the lifetime of the key if added via AddKeysToAgent
https://bugzilla.mindrot.org/show_bug.cgi?id=2670
Bug ID: 2670
Summary: Add ssh_config option that sets the lifetime of the
key if added via AddKeysToAgent
Product: Portable OpenSSH
Version: 7.2p2
Hardware: amd64
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh
Assignee: unassigned-bugs at mindrot.org
Reporter: dereks at li...
2024 Jul 22
1
[Bug 3712] New: ssh-add should respect AddKeysToAgent default in ~/.ssh/config
https://bugzilla.mindrot.org/show_bug.cgi?id=3712
Bug ID: 3712
Summary: ssh-add should respect AddKeysToAgent default in
~/.ssh/config
Product: Portable OpenSSH
Version: 9.8p1
Hardware: 68k
OS: Mac OS X
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh-add
Assignee: unassigned-...
2016 Apr 17
6
[Bug 2564] New: ssh_config AddKeysToAgent doesn't set key name/path
https://bugzilla.mindrot.org/show_bug.cgi?id=2564
Bug ID: 2564
Summary: ssh_config AddKeysToAgent doesn't set key name/path
Product: Portable OpenSSH
Version: 7.2p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh
Assignee: unassigned-bugs at mindrot.org...
2016 Oct 03
6
[Bug 2620] New: Option AddKeysToAgent doesn't work with keys provided by PKCS11 libraries.
https://bugzilla.mindrot.org/show_bug.cgi?id=2620
Bug ID: 2620
Summary: Option AddKeysToAgent doesn't work with keys provided
by PKCS11 libraries.
Product: Portable OpenSSH
Version: 7.3p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh-agent...
2015 Nov 18
3
AddKeysToAgent break local forwarding (and possibly more)
...ssibly more). Looks like the
option is ignored completely. I bisected the issue and found this commit to be
the culprit:
commit f361df474c49a097bfcf16d1b7b5c36fcd844b4b
Author: jcs at openbsd.org <jcs at openbsd.org>
Date: Sun Nov 15 22:26:49 2015 +0000
upstream commit
Add an AddKeysToAgent client option which can be set to
'yes', 'no', 'ask', or 'confirm', and defaults to 'no'. When enabled, a
private key that is used during authentication will be added to
ssh-agent if it is running (with confirmation enabled if set to
'c...
2020 Oct 06
2
Accessing SSH key path using SSH_ASKPASS and passwordstore
Hello,
With the introduction of SSH_ASKPASS_REQUIRE in version 8.4, I've set
up a script for SSH_ASKPASS to query my local passwordstore
(https://www.passwordstore.org/) vault to retrieve the password for a
given key. This works for ssh-add as well as ssh (configured with
AddKeysToAgent set to 'yes'). My workflow effectively transforms into
entering the password for the GPG key used to encrypt my vault for any
given key. It works especially well now that I don't have to alter
DISPLAY and confuse gpg's pin input inference. Thanks for that
enhancement!
The tricky pa...
2024 Jun 05
1
Can one set an agent timeout for a specific host?
...Wed, 5 Jun 2024 at 22:20, Chris Green <cl at isbd.net> wrote:
> If I set a timeout for a specific host's key does it set the timeout
> for just that key/host?
[...]
> Host backup
> IdentityFile ~/.ssh/backup_id_rsa
> IdentityAgent 600
I think you meant AddKeysToAgent?
> Will it just time out the key saved for backup and leave any other
> keys with the default no timeout?
Yes this will only affect the key added when connecting to this host.
--
Darren Tucker (dtucker at dtucker.net)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA...
2019 Apr 02
2
IdentityFile vs IdentitiesOnly
...(as in the example) *imply*
>> IdentitiesOnly?
>
> Probably not. What version are you using? Is this key in the agent
> or do you need to supply a passphrase?
>
My client is 7.4 or newer, but the peers might be many years old.
The oldest I found was version 6.0 on AIX.
"AddKeysToAgent yes" is set.
> For recent versions each key has an annotation that says whether or
> not the key file was supplied by the user (ie either in the config
> file or on the command line). It should prefer keys that were both
> specified in the config *and* in the agent, and it should...
2020 Oct 04
6
ability to select which identity to forward when using "ForwardAgent" ?
Hi,
I usually have around 10 identities loaded in my local ssh-agent and when I
use the "ForwardAgent" option all them are forwarded to the remote server,
which is not ideal. I usually only need to forward one (or two) of the
identities and I would like to be able to choose which one(s) to forward.
Looking for solutions it seems that the only option is to create a new
ssh-agent, add
2010 Jan 19
1
[Bug 1699] New: [patch] Enhance SSH to automatically add keys to ssh-agent
...'s possible to hack around this annoyance, but such hacks are
inevitably brittle. OpenSSH should just quietly do the right thing,
as it does in other cases.
Please find included a patch (against OpenBSD's OpenSSH) to fix this.
By way of specification, I'll quote ssh_config(5):
AddKeysToAgent
Specifies whether keys should be automatically added to
ssh-agent(5) (if running). If this option is set to ``yes'' and a key
is loaded from a file, this key and all keys with either the same or an
empty passphrase are added to the agent (with the default lifetime), as
if by s...
2013 Dec 28
2
[Bug 2191] New: Feature Proposal: Add an identity to the agent automatically when loading the identity
https://bugzilla.mindrot.org/show_bug.cgi?id=2191
Bug ID: 2191
Summary: Feature Proposal: Add an identity to the agent
automatically when loading the identity
Product: Portable OpenSSH
Version: 6.4p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
2024 Jun 05
2
Can one set an agent timeout for a specific host?
If I set a timeout for a specific host's key does it set the timeout
for just that key/host?
I.e. if I do something like in ~/.ssh/config:-
#
#
# backup, use public-key authentication
#
Host backup
IdentityFile ~/.ssh/backup_id_rsa
IdentityAgent 600
Will it just time out the key saved for backup and leave any other
keys with the default no timeout?
--
2019 Apr 01
2
IdentityFile vs IdentitiesOnly
Hi folks,
I've got a moderate number of keys in my ssh config file.
Problem: Very often I get an error message like
Received disconnect from 2001:db8::8077 port 999:2: Too many authentication failures
Authentication failed.
AFAIU the ssh-agent is to blame here, trying out all keys
he has ever seen. This conflicts with MaxAuthTries 6, set by
default on the peer.
The solution seems to be to
2023 May 14
18
[Bug 3572] New: ssh-agent refused operation when using FIDO2 with -O verify-required
...ration
debug1: No more authentication methods to try.
root@testhost: Permission denied (publickey)
To reproduce:
1. ssh-keygen -t ed25519-sk -O application=ssh:mytestkey -O
verify-required
2. copy public key to authorized_keys
3. login: ssh -i ~/.ssh/id_ed25519_sk root@testhost (config has
AddKeysToAgent yes)
4. exit ssh shell
5. login again
When using Fido2 keys generated without -O verify-required, ssh-agent
works as expected, asking only for touch verification when the local
passphrase has been cached.
Expected behavior:
ssh-agent should ask for the Fido2 device Pin to be entered when the...
2020 Oct 06
5
[Bug 3220] New: Possible bug if ControlMaster + ControlPersist and `-t`
...: mikko.rantalainen at peda.net
Steps to reproduce:
$ cat ~/.ssh/config
ControlMaster auto
ControlPath ~/.ssh/connections/%r@%h:%p
ControlPersist 1
Host workstation
HostName remote.example.com
HostKeyAlias workstation
ForwardX11 yes
ForwardX11Timeout 10h
AddKeysToAgent yes
ForwardAgent yes
With two local terminal sessions A and B.
A: ssh workstation
B: ssh workstation
A: logout
The ssh connection to workstation is immediately completed but stderr
gets an extra message
Shared connection to remote.example.com closed.
This is problematic for two reaso...
2019 Oct 09
52
[Bug 3079] New: Tracking bug for 8.2 release
https://bugzilla.mindrot.org/show_bug.cgi?id=3079
Bug ID: 3079
Summary: Tracking bug for 8.2 release
Product: Portable OpenSSH
Version: -current
Hardware: Other
OS: All
Status: NEW
Keywords: meta
Severity: enhancement
Priority: P5
Component: Miscellaneous
Assignee:
2016 Feb 29
0
Announce: OpenSSH 7.2 released
...xing is now enabled by default (previous
releases enabled it for new installations via sshd_config).
New Features
------------
* all: add support for RSA signatures using SHA-256/512 hash
algorithms based on draft-rsa-dsa-sha2-256-03.txt and
draft-ssh-ext-info-04.txt.
* ssh(1): Add an AddKeysToAgent client option which can be set to
'yes', 'no', 'ask', or 'confirm', and defaults to 'no'. When
enabled, a private key that is used during authentication will be
added to ssh-agent if it is running (with confirmation enabled if
set to 'confirm...
2024 May 06
1
Feature request/EOI: Match interactive config?
...+(e.g. for
+.Xr sftp 1
+sessions),
+or
+.Xr none
+for empty sessions, such as when
+.Xr ssh 1
+is started with the
+.Fl N
+flag.
+The
+.Cm remotecommand
+keyword matches against the remote command as a pattern-list.
+For example
+.Dq shutdown,reboot,halt*
+would match any of these commands.
.It Cm AddKeysToAgent
Specifies whether keys should be automatically added to a running
.Xr ssh-agent 1 .
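Review bot: the added line ".Xr none" uses the manual-page cross-reference macro for what is a keyword value, not a manual page, and it carries no section argument as ".Xr sftp 1" and ".Xr ssh 1" do; mark it up as ".Cm none" (or ".Dq none") so it is not rendered as a reference to a nonexistent page. In the same hunk, the remotecommand text says the pattern-list "shutdown,reboot,halt*" "would match any of these commands" without saying whether the pattern is compared against the whole command string including its arguments; if it is, a bare "shutdown" pattern would not match "shutdown -h now", so the sentence should state what is matched and the example should be adjusted to suit.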
2024 May 06
1
Feature request/EOI: Match interactive config?
... and I guess your next question will be about compilation environment, so:
```
$ gcc --version
gcc (Gentoo 13.2.1_p20240210 p14) 13.2.1 20240210
Copyright (C) 2023 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
```
I'm running on gentoo. I tested that the
2020 Sep 27
0
Announce: OpenSSH 8.4 released
...RemoteForward when used for Unix domain socket paths. bz#3140
* ssh(1), ssh-agent(1): allow some additional control over the use of
ssh-askpass via a new $SSH_ASKPASS_REQUIRE environment variable,
including forcibly enabling and disabling its use. bz#69
* ssh(1): allow ssh_config(5)'s AddKeysToAgent keyword accept a time
limit for keys in addition to its current flag options. Time-
limited keys will automatically be removed from ssh-agent after
their expiry time has passed.
* scp(1), sftp(1): allow the -A flag to explicitly enable agent
forwarding in scp and sftp. The default rem...