This patch allows ssh-add to try and load all the identity files listed in ssh_config or ~/.ssh/config. In addition, ssh-add will try and use passphrases from a previous key first before prompting for a passphrase (only if there is more than one IdentityFile listed).
Created attachment 16: ssh-add.c patch to search ssh_config for IdentityFile(s)
i don't like the idea of parsing ssh_config in ssh-add. -current ssh-add tries to load all 3 default keys. that's enough for the default. it's easy to add more keys on the command line.
> i don't like the idea of parsing ssh_config in ssh-add.
>
> -current ssh-add tries to load all 3 default keys.
> that's enough for the default.
>
> it's easy to add more keys on the command line.

Markus,

One reason we want this is so that we can specify non-standard locations for identity files for app accounts that run daemons, things from cron, etc... It's a small patch and not at all far-fetched.

I just ran smack into the MaxStartups option. How did that bug^H^H^Hfeature ever get in anyways.

Nico
> I just ran smack into the MaxStartups option. How did that
> bug^H^H^Hfeature ever get in anyways.

I take this back, I get the point of that feature. I ran into it stress-testing OpenSSH. :)

Nico
/usr/bin/ssh is the only program that should read ssh_config. passing non-default keys to ssh-add is easy with the current version of ssh-add. of course we could have options and defaults for all kinds of uses, but openssh is already very fat.
wontfix
Mass change of RESOLVED bugs to CLOSED
I was just going to make the same suggestion as Jason, but found that the idea has been rejected already. From the user's perspective, it would be really nice if ssh-add just worked according to the Principle of Least Surprise, rather than according to arbitrary decisions of the developer not to read a config file. The OpenSSH clients are a suite -- why shouldn't they work together nicely?
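Added example, not part of the thread and not OpenSSH code: a shell wrapper that collects the IdentityFile entries from a config file and hands them to ssh-add on the command line, so ssh-add itself never parses ssh_config. The function names `identity_files` and `add_config_identities` are hypothetical; entries containing percent tokens are skipped because only ssh expands them, and `Include` and `Match` are not followed.

```shell
#!/bin/sh
# Added example, not OpenSSH code. Function names are hypothetical.

# identity_files CONFIG
# Print every IdentityFile path named in one ssh_config-style file, one per
# line and without duplicates, regardless of which Host block it sits in.
identity_files() {
    awk -v home="$HOME" '
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        if (line == "" || line ~ /^#/) next         # blank line or comment
        if (!match(line, /^[A-Za-z]+/)) next
        if (tolower(substr(line, 1, RLENGTH)) != "identityfile") next
        arg = substr(line, RLENGTH + 1)
        if (arg !~ /^[ \t=]/) next                  # keyword needs a separator
        sub(/^[ \t]*=?[ \t]*/, "", arg)             # whitespace and/or one "="
        sub(/[ \t]+$/, "", arg)
        if (arg ~ /^".*"$/) arg = substr(arg, 2, length(arg) - 2)
        if (arg == "" || arg ~ /%/) next            # percent tokens need ssh itself
        if (arg ~ /^~\//) arg = home substr(arg, 2) # tilde means the home directory
        if (!(arg in seen)) { seen[arg] = 1; print arg }
    }' "$1"
}

# add_config_identities [CONFIG]
# Pass the listed keys that exist as regular files to a single ssh-add call.
add_config_identities() {
    cfg=${1:-$HOME/.ssh/config}
    set --
    while IFS= read -r key; do
        [ -f "$key" ] && set -- "$@" "$key"
    done <<EOF
$(identity_files "$cfg")
EOF
    [ "$#" -gt 0 ] && ssh-add "$@"
}
```

Running `identity_files ~/.ssh/config` on its own prints the list for review before anything is handed to the agent.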