Alas, "ssh-add -T" does not help. Regardless of whether the private key is already unlocked, it prompts for the password (apparently with unlimited retrys) and returns 0 once the correct password is entered. The private key is then left unlocked. -- Bob Nichols "NOSPAM" is really part of my email address. Do NOT delete it. On 1/9/22 12:54 PM, centos at niob.at wrote: > Look at ssh-add -T <pubkey-file>. This will test if the private key for the given public key is available through the agent. > > Am 07.01.22 um 23:35 schrieb Robert Nichols: >> When I first ssh to a system, I am asked for the password to unlock the private key file. Thereafter, that key file remains unlocked, and subsequent ssh sessions will not prompt for a password. I can always re-lock the key file by running "ssh-add -D". In a script I have that runs sshfs to mount a remote directory, I want to re-lock that key file _unless_ it was already unlocked, i.e., if I sshfs asks for a password, I want to re-lock the key file immediately after the command is run. >> >> How can I determine ahead of time whether the key file is already unlocked? In the past (Centos 6) I could examine the output from "ssh-add -l" determine that. Now, "ssh-add -l" just shows the public key whether of not the private key has been unlocked. There is also no apparent way to see whether or not sshfs asked for a password. >> >> Suggestions? >>