
Allow for additional files for ssh-add #18

Closed
wants to merge 2 commits into from

Conversation

jankatins

According to the docs, ssh-add only adds certain keyfiles.

> ssh-add adds private key identities to the authentication agent, ssh-agent(1).
> When run without arguments, it adds the files ~/.ssh/id_rsa, ~/.ssh/id_dsa,
> ~/.ssh/id_ecdsa and ~/.ssh/identity.

Sometimes there is the need to add more keyfiles.

This is now possible by setting the SSH_ADD_ADDITIONAL_KEYFILES environment
variable to the comma separated list of additional keyfiles in ~/.ssh/

```bat
set "SSH_ADD_ADDITIONAL_KEYFILES=keyfile1_rsa,keyfile2_rsa2"
start-ssh-agent
```

Report: cmderdev/cmder#1062


dscho commented Aug 8, 2016

Are we really the first ones to solve this problem? If not, how do others solve it?

@jankatins (Author)

cmder had an agent script which simply added all *_rsa keys in one go (=no default keys added, e.g. no id_dsa or identity, but all *_rsa): https://github.com/cmderdev/cmder/blob/4651201b6c78ad1834b431a9a1c15b631ad1b45e/bin/agent.cmd#L26-L43 (so our switch to the git-provided one prompted the issue, as a user complained about the regression)

The help at github only talks about using ssh-add directly: https://help.github.com/articles/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent/#adding-your-ssh-key-to-the-ssh-agent

Googling for "ssh-add more than one key" also wasn't so helpful: the best I found were things like http://stackoverflow.com/a/26483359/1380673, which use ssh-add directly.

Googling for ssh-agent wrapper and ssh-add wrapper resulted in this:

There are also a lot of bash snippets, e.g. http://stackoverflow.com/a/18915067/1380673, https://gist.github.com/rezlam/850855, https://gist.github.com/gxela/5883418. The last is actually interesting as it also loads all *.pem keyfiles.

So it doesn't look like there is a "default" for the "more than one key" use case. I guess most users simply use ssh-add with only one key. And if they have more than one key, they use some variant of the various bash snippets floating around, which are then trivial to extend with support for more than one key...

I could actually live with load every id_* or load every *_rsa solution (=without a special env variable)... Or letting start-ssh-agent take keyfiles as arguments (which would make the patch trivial: simply add %* after the ssh-add call -> if it is empty, the default behaviour will happen and if you add keyfiles they will be passed to the ssh-add call) ...


jankatins commented Aug 8, 2016

Actually the last idea works great:

```text
λ start-ssh-agent.cmd
Found ssh-agent at 7812
Found ssh-agent socket at /tmp/ssh-PeY5lmKPqlf1/agent.4748
Starting ssh-agent:  done
Enter passphrase for /c/Users/jschulz/.ssh/id_rsa:
Identity added: /c/Users/jschulz/.ssh/id_rsa (/c/Users/jschulz/.ssh/id_rsa)

# here I'm killing the ssh-agent process ...

λ start-ssh-agent.cmd /c/Users/jschulz/.ssh/id_rsa c:\Users\jschulz\.ssh\id_rsa3
Found ssh-agent at 7812
Found ssh-agent socket at /tmp/ssh-PeY5lmKPqlf1/agent.4748
Starting ssh-agent:  done
Enter passphrase for /c/Users/jschulz/.ssh/id_rsa:
Identity added: /c/Users/jschulz/.ssh/id_rsa (/c/Users/jschulz/.ssh/id_rsa)
c:\Users\jschulz\.ssh\id_rsa3: No such file or directory
```

@jankatins (Author)

Change the implementation to the trivial one which needs keyfiles on the start-ssh-agent call :-)


jankatins commented Aug 8, 2016

Ok, it doesn't: the current start-ssh-agent script depends on %* being commands which are called in the end. -> reverted to the original state...

jankatins force-pushed the more-keys branch 2 times, most recently from 51765fe to ea4dad1 on August 8, 2016 13:20
You can now also pass in a full path:

```bat
set "SSH_ADD_ADDITIONAL_KEYFILES=C:\Users\jschulz\.ssh\id_rsa2,id_rsa3"
```

ssh-add checks whether the file exists, so our existence check now only
makes it easier for the user to specify a keyfile:

* if %USERPROFILE%\.ssh\<keyfile> exists, use that path
* else assume that <keyfile> is a full path

Signed-off-by: Jan Schulz <[email protected]>
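An added example of the lookup described in the PR description and in this commit message; it is not the page's code or Git for Windows' own start-ssh-agent.cmd. It splits SSH_ADD_ADDITIONAL_KEYFILES on commas, uses %USERPROFILE%\.ssh\<entry> when that file exists and otherwise passes the entry through as a full path so ssh-add reports a missing file itself; it assumes ssh-add is on PATH and an agent is already running.

```batch
@echo off
setlocal EnableDelayedExpansion

rem Added example, not the project's script: load the extra keyfiles named in
rem SSH_ADD_ADDITIONAL_KEYFILES into a running ssh-agent (ssh-add must be on PATH).
rem Entry rule from the PR: if %USERPROFILE%\.ssh\<entry> exists use that path,
rem otherwise treat <entry> as a full path; ssh-add itself reports missing files.
rem Entries are used verbatim (no whitespace trimming).

if not defined SSH_ADD_ADDITIONAL_KEYFILES (
    echo SSH_ADD_ADDITIONAL_KEYFILES is not set, nothing to add.
    goto :done
)

set "remaining=%SSH_ADD_ADDITIONAL_KEYFILES%"

:next_key
rem Split off the first comma-separated entry; empty entries (",,") are skipped
rem because consecutive delimiters collapse in FOR /F.
set "entry="
for /f "tokens=1* delims=," %%a in ("!remaining!") do (
    set "entry=%%a"
    set "remaining=%%b"
)
if not defined entry goto :done

if exist "%USERPROFILE%\.ssh\!entry!" (
    set "keyfile=%USERPROFILE%\.ssh\!entry!"
) else (
    set "keyfile=!entry!"
)

echo Adding identity !keyfile!
ssh-add "!keyfile!"
if errorlevel 1 echo ssh-add failed for !keyfile!

if defined remaining goto :next_key

:done
endlocal
```

Every identity loaded this way is offered by the agent to each server it authenticates to, so keep the list to the keys actually needed; loading a key only when it is first used, as the AddKeysToAgent option does, avoids that trade-off.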

dscho commented Aug 8, 2016

> I could actually live with load every id_* or load every *_rsa solution (=without a special env variable)...

Personally, I would prefer that... Dunno. Do you have any strong opinion?

@jankatins (Author)

I don't care. Or better: I actually have a potential use case for the *.pem files.

@svenluijten do you want to voice an opinion here?


dscho commented Aug 25, 2016

Good news! We may not need any patch at all... Git for Windows 2.9.3(2) just shipped, including OpenSSH 7.3p1. This OpenSSH version most notably supports the AddKeysToAgent setting. From http://superuser.com/questions/325662/how-to-make-ssh-agent-automatically-add-the-key-on-demand/1114257#1114257:

> ssh supports adding a key to the agent on first use (since version 7.2). You can enable that feature by putting the following into ~/.ssh/config
>
> AddKeysToAgent yes
>
> This also works when using derivative tools, such as git.

From the 7.2 changelog:

  • ssh(1): Add an AddKeysToAgent client option which can be set to
    'yes', 'no', 'ask', or 'confirm', and defaults to 'no'. When
    enabled, a private key that is used during authentication will be
    added to ssh-agent if it is running (with confirmation enabled if
    set to 'confirm').

@jankatins (Author)

@dscho Nice! Let's close this then :-)

@jankatins jankatins closed this Aug 25, 2016