I use ssh forwarding a lot and I'm concerned about "agent hijacking", so I like to use the -c option when calling ssh-add, which enforces confirmation on every key usage.

How can I turn the confirmations on by-default, so I don't have to use -c every time?

inb4 "Use bash aliases, Luke!": aliases are a good thing, but I'm looking for a more convenient way to enforce this ssh-add behavior. If there just isn't any, aliases will be enough.

  • After reading the manual page of ssh-add you will notice that there is no setting which would allow you to do this by default. Ergo the answer is either to use aliases or mv ssh-add to some other location, then call it from a script named ssh-add. But you knew that already. Commented Sep 14, 2014 at 10:17
  • @SamiLaine yes, I've read the man pages for ssh-add and ssh several times and found no such way, so I decided that I might be missing something and asked this question. If there isn't any, I think this is a good feature to request. =) Commented Sep 15, 2014 at 8:24

1 Answer

On macOS Mojave I have the following in ~/.ssh/config:

    Host *
      AddKeysToAgent confirm

From the man page:

Specifies whether keys should be automatically added to a running ssh-agent(1).

If this option is set to "confirm", each use of the key must be confirmed, as if the -c option was specified to ssh-add(1).

So I use plain ssh. The first time I connect to a server it asks for a password. On subsequent connections it asks for a confirmation (I had to install ssh-askpass).

  • Thank you. I can try to confirm this tomorrow and accept the answer then. Commented Apr 14, 2019 at 7:56
  • Confirmed that it works, marked as an accepted answer. Thanks. Commented Apr 17, 2019 at 11:59
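
To check that the AddKeysToAgent setting from the answer is actually in effect for a given host, the following added example (not part of the original answer) classifies the effective client configuration printed by `ssh -G <host>`. The function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `ssh -G <host>` output for the confirm setting.
# agent_confirm_verdict reads `ssh -G` output on stdin and prints one word:
#   confirm-on    AddKeysToAgent includes "confirm"
#   risky         agent forwarding is enabled but keys are added without confirm
#   not-enforced  no forwarding, but no confirm either
agent_confirm_verdict() {
    awk '
        # "confirm" may be followed by a time interval, so scan every field
        $1 == "addkeystoagent" {
            for (i = 2; i <= NF; i++) if ($i == "confirm") confirm = 1
        }
        # anything other than "no" (yes, or an agent socket path) forwards the agent
        $1 == "forwardagent" { if ($2 != "no") forward = 1 }
        END {
            if (confirm)      print "confirm-on"
            else if (forward) print "risky"
            else              print "not-enforced"
        }'
}

# Live check for a host alias from ~/.ssh/config (requires an ssh client
# that supports -G); not called here so the script also runs offline.
check_host() {
    ssh -G "$1" | agent_confirm_verdict
}

# Constructed samples shaped like `ssh -G` output (lowercase keywords).
SAMPLE_CONFIRM='hostname example.internal
forwardagent yes
addkeystoagent confirm'

SAMPLE_RISKY='hostname example.internal
forwardagent yes
addkeystoagent false'

SAMPLE_PLAIN='hostname example.internal
forwardagent no
addkeystoagent false'

for s in "$SAMPLE_CONFIRM" "$SAMPLE_RISKY" "$SAMPLE_PLAIN"; do
    printf '%s\n' "$s" | agent_confirm_verdict
done
```

AddKeysToAgent only constrains keys that ssh itself adds to the agent; a key loaded earlier with plain ssh-add (without -c) is still used without confirmation.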
