Is My SSH Private Key Already Unlocked?


When I first SSH to a system, I am asked for the password to unlock the private key file. Thereafter, that key file remains unlocked, and subsequent SSH sessions will not prompt for a password. I can always re-lock the key file by running “ssh-add -D”. In a script I have that runs SSHFS to mount a remote directory, I want to re-lock that key file _unless_ it was already unlocked, i.e., if SSHFS asks for a password, I want to re-lock the key file immediately after the command is run.

How can I determine ahead of time whether the key file is already unlocked? In the past (CentOS 6) I could examine the output from “ssh-add -l” to determine that. Now, “ssh-add -l” just shows the public key whether or not the private key has been unlocked. There is also no apparent way to see whether or not SSHFS asked for a password.

Suggestions?

2 thoughts on - Is My SSH Private Key Already Unlocked?

  • On 07.01.22 at 23:35, Robert Nichols wrote:
    Look at ssh-add -T. This will test if the private key for the given public key is available through the agent.

  • Alas, “ssh-add -T” does not help. Regardless of whether the private key is already unlocked, it prompts for the password (apparently with unlimited retries) and returns 0 once the correct password is entered. The private key is then left unlocked.
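
One way to script the check-then-re-lock sequence asked about above, as an added example that is not from the thread. It assumes a stock OpenSSH `ssh-agent`, where `ssh-add -l` lists only keys that have actually been loaded, so it does not apply where the listing shows the key either way, as the original post reports. The function names, key path, host and mount point are hypothetical.

```shell
#!/bin/sh
# Added example. Assumes a stock OpenSSH ssh-agent; all names are hypothetical.

# Succeeds if fingerprint $1 is the 2nd field of a line of `ssh-add -l`
# style output on stdin: "<bits> <fingerprint> <comment> (<type>)".
fingerprint_in_listing() {
    awk -v fp="$1" '$2 == fp { found = 1 } END { exit !found }'
}

# Prints the fingerprint (e.g. SHA256:...) of the public key file $1.
key_fingerprint() {
    ssh-keygen -lf "$1" 2>/dev/null | awk '{ print $2 }'
}

# Succeeds if the agent lists the key whose public half is file $1.
# `ssh-add -l` exits 1 with no identities and 2 with no reachable agent;
# in both cases the fingerprint is simply absent from the listing.
agent_lists_key() {
    fp=$(key_fingerprint "$1")
    [ -n "$fp" ] || return 2          # unreadable key file: treat as not loaded
    ssh-add -l 2>/dev/null | fingerprint_in_listing "$fp"
}

# Runs the command given after the key path, then removes that one key from
# the agent only if it was not listed before the command ran.
run_and_relock() {
    key=$1; shift
    if agent_lists_key "$key.pub"; then was_loaded=1; else was_loaded=0; fi
    status=0
    "$@" || status=$?
    if [ "$was_loaded" -eq 0 ]; then
        # -d drops only this key; -D would drop every key in the agent.
        ssh-add -d "$key" >/dev/null 2>&1 || true
    fi
    return "$status"
}

# Usage (hypothetical key, host and mount point):
#   run_and_relock "$HOME/.ssh/id_ed25519" sshfs user@host.example:/data /mnt/data
```

Comparing fingerprints rather than comments avoids a false match when two keys share a comment, and `ssh-add -d` leaves any other keys the user loaded in place.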