# Confirmation when using ssh-agent

## Sipos

I'm trying to use the -c option to ssh-add to make ssh-agent ask for confirmation before allowing authentication using an identity. I am using the identity stored in the default location, ~/.ssh/id_rsa{,.pub} and have tried for keys with and without a passphrase but, if I add the identity with the -c option to ssh-add, whenever I try to use ssh, I get the following error message and, key based authentication is not attempted

```
sign_and_send_pubkey: signing failed: agent refused operation
```

I have net-misc/ssh-askpass-fullscreen and net-misc/x11-ssh-askpass installed. 

Anyone have any ideas what might be wrong or, anyone have this working?

----------

## jarek.w

I know that this is an old post but it is the only one that I found with a similar problem that I had. 

If you are using key based authentication with confirmation (for example with KeePassXC):

you have to install net-misc/x11-ssh-askpass or other alternative passphrase dialogs.

do not enter password into the dialog or you can type yes and click ok.

A prompt of the dialog isn't very intuitive.  :Mad: 

The source code handling entering password can be found in readpass.c in function 

```
int ask_permission(const char *fmt, ...)
```

 (net-misc/openssh-8.8_p1-r4:0).

The entered password is compared to an empty string or word yes.

----------

