by rfjakob 1733 days ago
From man ssh-add:

     -c      Indicates that added identities should be subject to confirmation
             before being used for authentication.  Confirmation is performed by
             ssh-askpass(1).  Successful confirmation is signaled by a zero exit
             status from ssh-askpass(1), rather than text entered into the
             requester.
I'm a bit surprised that this is not mentioned in the article, as this seems very useful to make exploits more difficult.
2 comments

Yep, or put this in your ~/.ssh/config

  AddKeysToAgent confirm
While helpful, it mostly just says “ok to sign” and it’s super easy to accidentally say yes by hitting enter at the wrong time.

I need to look into the original post; I have wanted this for a while.
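
Added example, not from the thread or from OpenSSH: because the agent treats a zero exit status from the askpass program as approval, a small wrapper can demand a typed "yes" so that a stray Enter refuses the signature. It assumes zenity and a stock ssh-askpass are installed and that ssh-agent is started with SSH_ASKPASS pointing at this script; the function names are hypothetical.

```shell
#!/bin/sh
# Confirmation wrapper for "ssh-add -c" / "AddKeysToAgent confirm".
# Added example; not part of OpenSSH. ssh-agent runs the program named in
# its SSH_ASKPASS environment variable with the prompt text as $1.

# Approve only on the exact word "yes". An empty reply, which is what an
# accidental Enter produces, is a refusal.
reply_approves() {
    case "$1" in
        yes) return 0 ;;
        *)   return 1 ;;
    esac
}

# Show the agent's prompt and read a typed reply.
# Assumption: zenity is installed; any dialog tool that returns text works.
ask_user() {
    zenity --entry --title "ssh-agent key use" \
           --text "$1

Type yes to allow this signature:" 2>/dev/null
}

# Run only when called with a prompt argument, as the agent does.
if [ "$#" -gt 0 ]; then
    # Requests that are not confirmations (for example a PIN prompt) go to
    # the regular helper. Assumption: ssh-askpass is on PATH.
    if [ -n "${SSH_ASKPASS_PROMPT:-}" ] && [ "$SSH_ASKPASS_PROMPT" != "confirm" ]; then
        exec ssh-askpass "$@"
    fi
    reply=$(ask_user "$1") || exit 1   # dialog cancelled or closed: refuse
    # Nothing is printed to stdout; the exit status carries the decision.
    reply_approves "$reply"
    exit $?
fi
```

Start the agent with SSH_ASKPASS set to the script's path, then add keys with `ssh-add -c` as described above.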