Alas, "ssh-add -T" does not help. Regardless of whether the private key is already unlocked, it prompts for the password (apparently with unlimited retrys) and returns 0 once the correct password is entered. The private key is then left unlocked.
--
Bob Nichols "NOSPAM" is really part of my email address.
Do NOT delete it.
On 1/9/22 12:54 PM, centos at niob.at wrote:
> Look at ssh-add -T <pubkey-file>. This will test if the private key for the given public key is available through the agent.
>
> Am 07.01.22 um 23:35 schrieb Robert Nichols:
>> When I first ssh to a system, I am asked for the password to unlock the private key file. Thereafter, that key file remains unlocked, and subsequent ssh sessions will not prompt for a password. I can always re-lock the key file by running "ssh-add -D". In a script I have that runs sshfs to mount a remote directory, I want to re-lock that key file _unless_ it was already unlocked, i.e., if I sshfs asks for a password, I want to re-lock the key file immediately after the command is run.
>>
>> How can I determine ahead of time whether the key file is already unlocked? In the past (Centos 6) I could examine the output from "ssh-add -l" determine that. Now, "ssh-add -l" just shows the public key whether of not the private key has been unlocked. There is also no apparent way to see whether or not sshfs asked for a password.
>>
>> Suggestions?
>>