SSH agent not silent enough

Tertius3
Community Member
edited May 2023 in SSH

Do you know one of the core unix principles? Unix is silent. It is assumed the user knows what he does.
But every time the ssh client tries to access the agent after some minutes or hours or a reboot, I get 2 popups: one for allowing access to the agent, then immediately after it another popup for the Windows Hello PIN prompt. This severely intrudes on established workflows. It's tedious, especially the 1st popup. Always having to click it away makes me ignore what it says. The Windows Hello prompt can be used or not, depending on how paranoid you are.

But in general, ssh agents were designed to silently serve the ssh keys loaded into them. They just run in the background and serve the keys. Please make it so.
The current implementation is such that I deactivated the 1Password agent and use Pageant again.

If you insist on protecting the user from unauthorized agent use, please offer options for turning paranoid mode on and off. I don't need it - I just want the agent to silently serve requests and to be able to store the private key not as a file but as an entry in 1Password. Storing it in 1Password with its cloud sync, to have it automatically available on every machine I use, is the benefit I see from using 1Password as an ssh agent. Not the prompting to allow access to it.

Especially the 1st prompt to allow agent access is completely useless, because after a few popups nobody will ever look at the text again and will just click it away, regardless of whether it reported an intruder or a valid connection attempt.


1Password Version: 80700111, on the "NIGHTLY" channel
Extension Version: Not Provided
OS Version: Windows 10

Comments

  • kzolnowski
    Community Member

    Hey,

    I agree. ssh-agent should prompt once - on first key usage. It should have the same behaviour as the original ssh-agent when I'm adding an encrypted key. It asks me for the password once until the next machine reboot.

  • Over the past couple of weeks we have made a number of improvements to the authorization model to reduce the number of prompts. The agent still does not have the behavior you describe, but we are considering making more changes to further reduce the amount of prompting.

  • You can now opt in to an authorization model that enables key usage globally for every app, using the Approve for all applications checkbox. This makes it behave more like the standard OpenSSH agent model.

This discussion has been closed.