From 6e9267bf75c6d7ce93e7a4be22d88d2c354cfcb9 Mon Sep 17 00:00:00 2001
From: Silvio Rhatto <rhatto@riseup.net>
Date: Tue, 26 Mar 2019 23:31:11 -0300
Subject: Do not list keys without password at ssh-agent-loadkey (robust
 approach)

---
 ssh-agent-loadkey | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/ssh-agent-loadkey b/ssh-agent-loadkey
index 840ea82..841e3d2 100755
--- a/ssh-agent-loadkey
+++ b/ssh-agent-loadkey
@@ -18,7 +18,8 @@ function __query {
   (
   cd $KEYS && find -name '*.pub' | sed -e 's/.pub$//' | grep -v decomissioned | while read line; do
     # See https://security.stackexchange.com/questions/129724/how-to-check-if-an-ssh-private-key-has-passphrase-or-not#129727
-    if grep -q ',ENCRYPTED' $line; then
+    #if grep -q ',ENCRYPTED' $line; then
+    if ! ssh-keygen -y -P "" -f $line &> /dev/null; then
       handle="`echo $line | cut -d '/' -f 3`"
       type="`echo $line | cut -d '/' -f 2`"
       echo "$handle ($type)"
-- 
cgit v1.2.3