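--- a/ssh-add.1
+++ b/ssh-add.1
@@ -44,6 +44,7 @@
 .Sh SYNOPSIS
 .Nm ssh-add
 .Op Fl cDdKkLlqvXx
+.Op Fl O Ar option
 .Op Fl E Ar fingerprint_hash
 .Op Fl H Ar hostkey_file
 .Op Fl h Ar destination_constraint
@@ -219,6 +220,19 @@ Lists public key parameters of all identities currently represented
 by the agent.
 .It Fl l
 Lists fingerprints of all identities currently represented by the agent.
+.It Fl O Ar option
+Specify a key/value option.
+These are specific to the operation that
+.Nm
+has been requested to perform.
+.Pp
+At present only a single option
+.Dq no-touch-required
+is supported, which causes resident keys downloaded from FIDO tokens
+using the
+.Fl K
+option to not require touch events (user presence) when making signatures.
+.Pp
 .It Fl q
 Be quiet after a successful operation.
 .It Fl S Ar provider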
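--- a/ssh-add.c
+++ b/ssh-add.c
@@ -581,7 +581,7 @@ lock_agent(int agent_fd, int lock)
 }
 
 static int
-load_resident_keys(int agent_fd, const char *skprovider, int qflag,
+load_resident_keys(int agent_fd, const char *skprovider, int qflag, int notouch,
     struct dest_constraint **dest_constraints, size_t ndest_constraints)
 {
 	struct sshsk_resident_key **srks;
@@ -598,6 +598,8 @@ load_resident_keys(int agent_fd, const char *skprovider, int qflag,
 	}
 	for (i = 0; i < nsrks; i++) {
 		key = srks[i]->key;
+		if (notouch)
+			key->sk_flags &= ~SSH_SK_USER_PRESENCE_REQD;
 		if ((fp = sshkey_fingerprint(key,
 		    fingerprint_hash, SSH_FP_DEFAULT)) == NULL)
 			fatal_f("sshkey_fingerprint failed");
@@ -792,6 +794,7 @@ main(int argc, char **argv)
 	char **dest_constraint_strings = NULL, **hostkey_files = NULL;
 	int r, i, ch, deleting = 0, ret = 0, key_only = 0, do_download = 0;
 	int xflag = 0, lflag = 0, Dflag = 0, qflag = 0, Tflag = 0;
+	int notouch = 0;
 	SyslogFacility log_facility = SYSLOG_FACILITY_AUTH;
 	LogLevel log_level = SYSLOG_LEVEL_INFO;
 	struct dest_constraint **dest_constraints = NULL;
@@ -822,7 +825,8 @@ main(int argc, char **argv)
 
 	skprovider = getenv("SSH_SK_PROVIDER");
 
-	while ((ch = getopt(argc, argv, "vkKlLcdDTxXE:e:h:H:M:m:qs:S:t:")) != -1) {
+	while ((ch = getopt(argc, argv,
+	    "e:E:h:H:m:M:O:s:S:t:cdDkKlLqTvxX")) != -1) {
 		switch (ch) {
 		case 'v':
 			if (log_level == SYSLOG_LEVEL_INFO)
@@ -878,6 +882,12 @@ main(int argc, char **argv)
 				goto done;
 			}
 			break;
+		case 'O':
+			if (strcasecmp(optarg, "no-touch-required") == 0)
+				notouch = 1;
+			else
+				fatal("unsupported -O option");
+			break;
 		case 'd':
 			deleting = 1;
 			break;
@@ -970,7 +980,7 @@ main(int argc, char **argv)
 	if (do_download) {
 		if (skprovider == NULL)
 			fatal("Cannot download keys without provider");
-		if (load_resident_keys(agent_fd, skprovider, qflag,
+		if (load_resident_keys(agent_fd, skprovider, qflag, notouch,
 		    dest_constraints, ndest_constraints) != 0)
 			ret = 1;
 		goto done;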
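Review bot: In load_resident_keys() the added `key->sk_flags &= ~SSH_SK_USER_PRESENCE_REQD;` drops the user-presence requirement on every resident key the token returns and nothing is printed, so the downgrade leaves no trace for the operator or in logs. With the flag cleared, a signature request that reaches the agent socket presumably no longer waits for a physical touch, which is the check that limits a hijacked or forwarded agent. I would print a notice naming `fp` once the fingerprint has been computed (the rest of the loop is outside the hunk), gated on `qflag` at most. Separately, `notouch` is only passed on in the `do_download` branch of main(), so `-O no-touch-required` without `-K` is accepted and silently ignored; `if (notouch && !do_download) fatal("-O no-touch-required requires -K");` after the getopt loop would make that explicit, and the `'O'` case could name the rejected value with `fatal("unsupported -O option \"%s\"", optarg);`.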
