ssh private key password

nodata lsof at
Thu Jan 8 22:02:14 UTC 2009

Am Donnerstag, den 08.01.2009, 16:54 -0500 schrieb Ricky Zhou:
> On 2009-01-08 10:42:28 PM, nodata wrote:
> > > Then why using ssh-add(1)?!
> > 
> > To add my key to ssh-agent.
> > 
> > > 
> > > > I also find this a little disconcerting: I don't like giving my private
> > > > key's to programs that ask for it.
> > > 
> > > Neither do I, but this one is _meant_ to do so.
> > 
> > But can't I chose which program stores my key? I'd rather something with
> > less code stores it.
> From the ssh-add manpage:
>              If ssh-add needs a passphrase, it will read the passphrase from
>              the current terminal if it was run from a terminal.  If ssh-add
>              does not have a terminal associated with it but DISPLAY and
>              SSH_ASKPASS are set, it will execute the program specified by
>              SSH_ASKPASS and open an X11 window to read the passphrase.  This
>              is particularly useful when calling ssh-add from a .xsession or
>              related script.  (Note that on some machines it may be necessary
>              to redirect the input from /dev/null to make this work.)
> Perhaps the dialog that pops up is the program specified by your
> SSH_ASKPASS environmental variable?  I'm pretty sure that this is only
> for prompting, and the passphrase still only gets stored by ssh-agent.
> Thanks,
> Ricky

I'm wondering when this changed (F10)? I'm sure it didn't act like this
in F9.

In F9, I would only be prompted to enter my passphrase if I sshed to a
box that accepted pubkey authentication and a ssh-agent did not already
have the key.
In F10 it asks earlier: when ssh-add is run.

But oh well, it does.

More information about the fedora-devel-list mailing list