On Tue, Nov 20, 2007 at 07:01:21PM +0000, Christopher Key wrote:
> I've created a Bash solution for now,
> alias ssh="ssh-add -l >/dev/null; if [ \$? = 1 ]; then ssh-add; fi; ssh"
> hardly elegant, but it does the job. I'm not aware of any technical
> reason why ssh-add couldn't defer requesting a password until it's
> required.

This is technically infeasible, if not impossible. ssh-add needs to
ask you for your passphrase. A process can't run in the background if
it needs to ask the user for input... It needs to run in the
foreground until it does this, and it needs to stay connected to your
terminal so it can ask you for it -- it would tie up your terminal
until it determined it needed your passphrase. If you put this in
your .profile or whatever other login file, you would never get a
shell prompt until you typed your passphrase. I suppose if you were
in X it could conceivably spawn an X client to pop up a dialog to ask
you for the passphrase, but that could only work in X.

Also, how would ssh know if you didn't have a key for this connection,
or if you just hadn't yet typed your passphrase? If the user had a
long passphrase, and made several mistakes typing it, the ssh
connection could time out before you got it right. Even if it's
technically possible, it's really gross. And for what benefit? So
you can delay typing your passphrase, which you're going to need to
type eventually anyway? It seems to me trying to hack this in is
totally not worth it. If you want to delay, just don't run ssh-add
until you need to ssh... The requirements of this feature are
ridiculously complex, all to avoid having to type 7 characters (i.e.
by putting ssh-add in your .profile instead of just typing it when you
know you're going to need it).

Derek D. Martin
GPG Key ID: 0x81CFE75D
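
An added example, not part of the original message: the quoted alias rewritten as a shell function that distinguishes the three exit statuses of `ssh-add -l` (0 identities listed, 1 agent has no identities, 2 agent unreachable) and only runs `ssh-add` when a terminal is attached to ask for the passphrase. The names `agent_state`, `lazy_ssh`, `SSH_ADD_CMD` and `SSH_CMD` are hypothetical and exist only in this example.

```shell
# Added example (not from the thread). SSH_ADD_CMD and SSH_CMD are
# hypothetical override hooks so the logic can be exercised without a real agent.
: "${SSH_ADD_CMD:=ssh-add}"
: "${SSH_CMD:=ssh}"

# Print "loaded", "empty" or "unreachable" from the exit status of `ssh-add -l`:
#   0 = identities listed, 1 = agent holds no identities, 2 = cannot contact agent.
agent_state() {
    rc=0
    "$SSH_ADD_CMD" -l >/dev/null 2>&1 || rc=$?
    case $rc in
        0) echo loaded ;;
        1) echo empty ;;
        *) echo unreachable ;;
    esac
}

# Load keys on first use, then hand all arguments to ssh unchanged.
lazy_ssh() {
    case $(agent_state) in
        empty)
            # ssh-add has to read the passphrase from the user, so only
            # call it when stdin is a terminal.
            if [ -t 0 ]; then
                "$SSH_ADD_CMD" || echo "lazy_ssh: ssh-add failed, continuing" >&2
            else
                echo "lazy_ssh: agent is empty and there is no terminal to prompt on" >&2
            fi
            ;;
        unreachable)
            # The quoted alias ignores this case silently; report it instead.
            echo "lazy_ssh: no ssh-agent reachable, keys were not loaded" >&2
            ;;
    esac
    "$SSH_CMD" "$@"
}
```

Defined in a login file, `lazy_ssh` does nothing until it is called, so the shell prompt is not held up waiting for a passphrase.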
