Created attachment 1652 [details] ssh-add should not retry key addition without constraints if constraints fail. When ssh-add tries to add a key to the agent with constraints, and the agent rejects the addition, ssh-add appears to retry the addition without constraints. This is dangerous behavior when the agent does not support certain constraints. For example, if a user uses an agent (such as the current ssh-agent implementation in gnome-keyring) that does not support confirmation or maximum lifetime, then using: ssh-add -t 3600 will print an error message but then proceed to re-add the key without the constrained lifetime. This causes the agent to retain the key far past the specified time, an explicit contravention of the user's declared intent. I expect more conservative behavior from OpenSSH when handling sensitive material. Discarding the constraint and retrying should be a choice left to the user, not taken automatically by ssh-add. The attached patch should fix this behavior.
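The following is an added example, not part of the bug report or of OpenSSH's own code. It models the two client behaviours discussed in the report against a stand-in agent that, like the gnome-keyring agent described above, accepts plain SSH2_AGENTC_ADD_IDENTITY requests but returns SSH_AGENT_FAILURE for SSH2_AGENTC_ADD_ID_CONSTRAINED. The message type and constraint numbers are the real agent protocol values; the key blob and the FakeAgent class are constructed for the demonstration and do not parse or validate key material.

```python
"""Constrained add-identity: silent fallback vs. strict failure (added example)."""
import struct

# SSH agent protocol constants (OpenSSH authfd.h / draft-miller-ssh-agent).
SSH_AGENT_FAILURE = 5
SSH_AGENT_SUCCESS = 6
SSH2_AGENTC_ADD_IDENTITY = 17
SSH2_AGENTC_ADD_ID_CONSTRAINED = 25
SSH_AGENT_CONSTRAIN_LIFETIME = 1
SSH_AGENT_CONSTRAIN_CONFIRM = 2


def put_string(b: bytes) -> bytes:
    """SSH wire 'string': uint32 length followed by the bytes."""
    return struct.pack(">I", len(b)) + b


def frame(payload: bytes) -> bytes:
    """Agent messages are length-prefixed with a uint32."""
    return struct.pack(">I", len(payload)) + payload


def unframe(data: bytes) -> bytes:
    (n,) = struct.unpack(">I", data[:4])
    return data[4:4 + n]


def build_add_identity(key_blob: bytes, comment: str,
                       lifetime: int = 0, confirm: bool = False) -> bytes:
    """Encode an add-identity request. If any constraint is requested, the
    constrained message type is used and the constraint records follow the
    comment; otherwise the plain type is used."""
    body = key_blob + put_string(comment.encode())
    constraints = b""
    if lifetime > 0:
        constraints += bytes([SSH_AGENT_CONSTRAIN_LIFETIME]) + struct.pack(">I", lifetime)
    if confirm:
        constraints += bytes([SSH_AGENT_CONSTRAIN_CONFIRM])
    if constraints:
        return bytes([SSH2_AGENTC_ADD_ID_CONSTRAINED]) + body + constraints
    return bytes([SSH2_AGENTC_ADD_IDENTITY]) + body


class FakeAgent:
    """Constructed stand-in for an agent with no constraint support: plain adds
    succeed and are stored without any lifetime; constrained adds are refused."""

    def __init__(self) -> None:
        self.keys: list[bytes] = []  # stored payloads, none of them expiring

    def request(self, msg: bytes) -> bytes:
        payload = unframe(msg)
        if payload[0] == SSH2_AGENTC_ADD_IDENTITY:
            self.keys.append(payload[1:])
            return frame(bytes([SSH_AGENT_SUCCESS]))
        return frame(bytes([SSH_AGENT_FAILURE]))


def add_with_fallback(agent: FakeAgent, key_blob: bytes, comment: str,
                      lifetime: int = 0, confirm: bool = False) -> bool:
    """The behaviour the report objects to: on a rejected constrained add,
    retry without constraints, so the key ends up loaded with no lifetime."""
    resp = unframe(agent.request(frame(build_add_identity(key_blob, comment, lifetime, confirm))))
    if resp[0] == SSH_AGENT_SUCCESS:
        return True
    if lifetime or confirm:
        resp = unframe(agent.request(frame(build_add_identity(key_blob, comment))))
        return resp[0] == SSH_AGENT_SUCCESS
    return False


def add_strict(agent: FakeAgent, key_blob: bytes, comment: str,
               lifetime: int = 0, confirm: bool = False) -> bool:
    """The conservative behaviour: one request; a refused constraint is an
    error reported to the user, never an excuse to load the key unconstrained."""
    resp = unframe(agent.request(frame(build_add_identity(key_blob, comment, lifetime, confirm))))
    return resp[0] == SSH_AGENT_SUCCESS


def demo() -> dict:
    # Constructed placeholder resembling the ed25519 private-key fields; the
    # FakeAgent never inspects it.
    key = put_string(b"ssh-ed25519") + put_string(b"\x00" * 32) + put_string(b"\x00" * 64)
    a1, a2 = FakeAgent(), FakeAgent()
    ok_fallback = add_with_fallback(a1, key, "id_ed25519", lifetime=3600)
    ok_strict = add_strict(a2, key, "id_ed25519", lifetime=3600)
    return {"fallback_ok": ok_fallback, "fallback_keys_loaded": len(a1.keys),
            "strict_ok": ok_strict, "strict_keys_loaded": len(a2.keys)}


if __name__ == "__main__":
    print(demo())
```

Run against the constraint-less agent, the fallback path reports success and leaves one key loaded with no expiry, which is the "far past the specified time" outcome described in the report; the strict path reports failure and leaves nothing loaded, so the user can decide whether to re-run ssh-add without -t.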
Created attachment 1674 [details] Revised patch With your patch, we can garbage collect ssh_add_identity() since nothing calls it anymore.
Patch applied, this will be in openssh-5.4
Mass move of RESOLVED bugs to CLOSED now that 5.3 is out.
Sorry, but the patch doesn't seem to be present in the 5.3p1 tarball, and it also does not appear to be applied to the head of CVS (where I'd expect it to be for 5.4, which is not yet out). I'm probably misunderstanding some piece of the workflow, but this doesn't look resolved to me.
It's been committed to OpenBSD but not yet synced to portable (we weren't syncing HEAD while we were working on the 5.3p1 release). Now that 5.3 is out we'll start pulling the changes in again. See for example: http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/authfd.c
With the release of 5.4p1, this bug is now considered closed.