This was working fine in fed 28, not working in fed 29
gnome-session is started via ssh-agent in Xclients.gnome-session.sh
#!/bin/sh
exec -l $SHELL -c "$SSH_AGENT gnome-session"
To prevent ssh agent hijacking I intend to use ssh-add -c, like:
ssh-add -c id_rsa
The goal is to make sure that there is a dialog which always asks for confirmation. However, when I do this and try to ssh somewhere, it says:
sign_and_send_pubkey: signing failed: agent refused operation
and then asks for password. If I run
ssh-add id_rsa
then ssh-ing works again. How could I ensure that there is a confirmation for agent forwarding?
------------------------------------- UPDATE ----------------------------------------
I have determined that the above is not working because my SSH_ASKPASS variable is no longer utilised from .bashrc. The SSH_ASKPASS is linked to a simple zenity script, as per the ssh-add man page, with successful confirmation being signaled by a zero.
I would appreciate it if anyone could advise me on where the SSH_ASKPASS variable should be set when starting ssh-agent from the Xclients file. As it stands, ssh-agent defaults to /usr/libexec/openssh/ssh-askpass, which is the binary from the openssh-askpass program, whether openssh-askpass is installed or not.