So now that ssh-tpm-agent asks for confirmation, I also would like to show the process that is requesting.
When a key is added with -c, the askpass prompt currently shows the key name and fingerprint. It would help to also show which process is asking, so you can tell a git push apart from something unexpected hitting the agent (especially with agent forwarding).
So my idea is the following. On each accepted connection, read SO_PEERCRED to get the client PID then read /proc/<pid>/comm (optionally walk PPid a few levels) and append it to the prompt:
Allow use of key id_ecdsa?
Key fingerprint SHA256:abc...
Requested by: git (1234) ← zsh ← kitty
Let me know if what you think about this idea, I would be happy to implement it.
So now that ssh-tpm-agent asks for confirmation, I also would like to show the process that is requesting.
When a key is added with
-c, the askpass prompt currently shows the key name and fingerprint. It would help to also show which process is asking, so you can tell agit pushapart from something unexpected hitting the agent (especially with agent forwarding).So my idea is the following. On each accepted connection, read
SO_PEERCREDto get the client PID then read/proc/<pid>/comm(optionally walk PPid a few levels) and append it to the prompt:Allow use of key id_ecdsa?
Key fingerprint SHA256:abc...
Requested by: git (1234) ← zsh ← kitty
Let me know if what you think about this idea, I would be happy to implement it.