SSH keys added using "ssh-add -c" not prompting for confirmation

Question

Using OS X 10.11.1 I'm hoping to run a setup where my SSH keys are adding using ssh-add -c and when the ssh agent is requested to use a particular key I receive a dialog asking for permissions (i.e. ssh-askpass).

I'm unable to get anything other then keys adding via ssh-add -c just not seeming to work at all. I can add the key and confirm the key is added via ssh-add -l, but when I go to connect to a host I eventually end up a password authentication.

I've installed XQuartz and have a DISPLAY env var set, as well as having tried setting the SSH_ASKPASS env var with a path to an executable applicable for that. The executable doesn't seem to be being executed when I attempt the ssh connection though.

I've tried a few rounds of killing ssh-agent and re-adding keys with the env vars set with no luck.

Answer 1

The problem was that the SSH_ASKPASS env var wasn't available to ssh-agent when it started.

I had tried to set this using launchctl setenv, but that did not appear to persist during restarts.

I used this answer here (even though I'm using El Capitan it worked fine) to call launchctl setenv on every boot, before ssh-agent starts.

Setting the system-wide PATH environment variable in Mavericks

Answer 2

James,

Are you attempting to run before you can walk?

I'm assuming you are using the Mac app Terminal

Have you successfully run ssh-agent and then successfully run ssh-add without the -c argument and then successfully used those credentials to log in to somewhere?

If so then you might be ready to think about using the -c argument.

First thing to note is that if you are relying on an X11 program to pop up the dialog required then you will have to be running in Xterm, rather than Terminal, as an X11 program will have a hard time passing back the information to OS X.

I'd be interested to know your use case. What are you actually trying to do?