Please add support for ssh-add -c (ask confirmation for every use of key)
The identities in my .ssh directory are added automatically upon login. When ssh is used to log in and the private key is required, the gnome-keyring-daemon prompts for the passphrase to unlock the key. This happens only once (key stays unlocked).
I can add and delete identities with ssh-add the same as with the original ssh-agent.
There is, however, no support for the -c flag of ssh-add which tells the agent to prompt for every use of the key.
Example of the interaction:
ssh-add -c
Enter passphrase for /home/user/.ssh/id_rsa (will confirm each use):
Could not add identity "/home/user/.ssh/id_rsa": communication with agent failed
The confirmation requirement is a useful security feature; it prevents hijacking and abuse of a connection when the agent is forwarded. Anybody with sufficient privileges on the ssh server could potentially abuse the agent connection to log in to other machines without the user's knowledge.
Version: gnome-keyring 3.20.0-3 (Debian stretch)
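
What ssh-add -c asks of the agent, as an added example that is not part of the original report and is not gnome-keyring or OpenSSH code: per the SSH agent protocol (draft-miller-ssh-agent), the key is sent as SSH_AGENTC_ADD_ID_CONSTRAINED (25) with a confirm constraint (2) appended after the key. The helper build_add and its placeholder key fields are constructed for illustration.

```python
import struct

# Numbers from the SSH agent protocol (draft-miller-ssh-agent).
SSH_AGENTC_ADD_IDENTITY = 17
SSH_AGENTC_ADD_ID_CONSTRAINED = 25  # sent when ssh-add is given -c or -t
SSH_AGENT_CONSTRAIN_LIFETIME = 1    # followed by uint32 seconds
SSH_AGENT_CONSTRAIN_CONFIRM = 2     # no payload
# Number of length-prefixed private-key fields after the key type name.
KEY_FIELDS = {b"ssh-rsa": 6, b"ssh-ed25519": 2}

def put_string(data):
    return struct.pack(">I", len(data)) + data

def get_string(buf, off):
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated string")
    return buf[off + 4:off + 4 + n], off + 4 + n

def parse_add_request(frame):
    """Return (key_type, comment, constraints); ValueError or struct.error if malformed."""
    body, end = get_string(frame, 0)
    adds = (SSH_AGENTC_ADD_IDENTITY, SSH_AGENTC_ADD_ID_CONSTRAINED)
    if end != len(frame) or not body or body[0] not in adds:
        raise ValueError("not a single add-identity message")
    key_type, off = get_string(body, 1)
    if key_type not in KEY_FIELDS:
        raise ValueError("key type not handled in this example")
    for _ in range(KEY_FIELDS[key_type]):
        _, off = get_string(body, off)
    comment, off = get_string(body, off)
    constraints = {"confirm": False, "lifetime": None}
    if body[0] == SSH_AGENTC_ADD_IDENTITY and off != len(body):
        raise ValueError("unexpected data after unconstrained key")
    while off < len(body):
        ctype, off = body[off], off + 1
        if ctype == SSH_AGENT_CONSTRAIN_CONFIRM:
            constraints["confirm"] = True
        elif ctype == SSH_AGENT_CONSTRAIN_LIFETIME:
            (constraints["lifetime"],) = struct.unpack_from(">I", body, off)
            off += 4
        else:
            # Refuse: storing the key without the requested limit would be unsafe.
            raise ValueError("unsupported constraint %d" % ctype)
    return key_type, comment, constraints

def build_add(msg_type, constraints=b""):
    """Constructed frame: ssh-rsa with six one-byte placeholder key fields."""
    body = bytes([msg_type]) + put_string(b"ssh-rsa") + put_string(b"\x01") * 6
    return put_string(body + put_string(b"/home/user/.ssh/id_rsa") + constraints)
```

An agent that cannot honour the confirm constraint has to reject the request, as the error in the report shows, rather than store the key unconstrained.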