Have ssh-add be quiet if key already there
I don't see any options to ssh-add that help achieve your desired result, but it's pretty easy to work around this, given that you're concerned with one key in particular.
First, grab the fingerprint for your special_key:
ssh-keygen -lf /path/to/special_key | awk '{print $2}'
Let's say this fingerprint looks like 6d:98:ed:8c:07:07:fe:57:bb:19:12:89:5a:c4:bf:25
Then, at the top of your script, use ssh-add -l to check whether that key is loaded, before prompting to add it:
ssh-add -l |grep -q 6d:98:ed:8c:07:07:fe:57:bb:19:12:89:5a:c4:bf:25 || ssh-add /path/to/special_key
You can fold all this together into one line if you wish:
ssh-add -l |grep -q `ssh-keygen -lf /path/to/special_key | awk '{print $2}'` || ssh-add /path/to/special_key
There is no direct way to check using just ssh-add, but you can make use of ssh-keygen and some scripting to check.
$ if ssh-add -l | \
grep -q "$(ssh-keygen -lf /path/to/special_key | awk '{print $2}')"; \
then echo yes; \
else echo no; \
fi
The above would then print yes if the fingerprint represented by the file /path/to/special_key was present in ssh-add -l's output.
Example
$ if ssh-add -l | \
grep -q "$(ssh-keygen -lf /path/to/special_key | awk '{print $2}')"; \
then echo yes; \
else echo no; \
fi
yes
Where the output from ssh-keygen -lf /path/to/special_key looks like this:
$ ssh-keygen -lf /path/to/special_key
2048 8a:6a:5a:44:20:c8:3a:da:ab:dd:1c:12:2c:e4:20:0c dev-servers (RSA)
And we're using awk '{print $2}' to select just the 2nd column, which contains the fingerprint, i.e.:
8a:6a:5a:44:20:c8:3a:da:ab:dd:1c:12:2c:e4:20:0c
References
- How do I extract fingerprints from .ssh/known_hosts?
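As an added example (not part of the original answers), the fingerprint check from the two answers above can be wrapped in a function that compares the fingerprint column exactly instead of using grep, and that treats an unreachable agent (ssh-add exit status 2) separately from a key that is simply not loaded. The function names and the sample listing are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original answers.

# Constructed sample of `ssh-add -l` output: "bits fingerprint comment (type)".
SAMPLE_LISTING='2048 8a:6a:5a:44:20:c8:3a:da:ab:dd:1c:12:2c:e4:20:0c dev-servers (RSA)
256 SHA256:CONSTRUCTEDfingerprint+0123/abcdefghijklmnopqrs other-key (ED25519)'

# agent_has_fingerprint FP   (hypothetical name)
# Reads `ssh-add -l` style lines on stdin and succeeds only when the second
# column of some line equals FP exactly. Unlike `grep -q FP`, a partial
# fingerprint or a fingerprint quoted in a key comment does not match.
agent_has_fingerprint() {
    awk -v fp="$1" '$2 == fp { found = 1 } END { exit !found }'
}

# ensure_key_loaded KEYFILE   (hypothetical name)
# Adds KEYFILE to the agent only if its fingerprint is not already listed.
ensure_key_loaded() {
    keyfile=$1
    # ssh-keygen -l and ssh-add -l use the same default fingerprint hash,
    # so the two second columns are directly comparable.
    fp=$(ssh-keygen -lf "$keyfile" | awk '{print $2}')
    if [ -z "$fp" ]; then
        echo "cannot read a fingerprint from $keyfile" >&2
        return 1
    fi

    status=0
    listing=$(ssh-add -l 2>/dev/null) || status=$?
    # Exit status 2 means ssh-add could not contact the agent at all;
    # status 1 with "The agent has no identities." is an empty agent.
    if [ "$status" -eq 2 ]; then
        echo "no ssh-agent reachable (check SSH_AUTH_SOCK)" >&2
        return 2
    fi

    if printf '%s\n' "$listing" | agent_has_fingerprint "$fp"; then
        return 0    # already loaded: stay quiet, no passphrase prompt
    fi
    ssh-add "$keyfile"
}
```

Call ensure_key_loaded /path/to/special_key at the top of the script in place of the one-liner.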
You might have particular reasons to be using ssh-add explicitly, but if you just want "I want to be prompted for my passphrase the first time I use the key, but not after that," OpenSSH has a simpler solution:
Put AddKeysToAgent yes in your .ssh/config file.