feat(ssh-agent): allow lazy-loading SSH identities (#6309)

Fixes #7477

2 files changed, 21 insertions, 2 deletions

diff --git a/plugins/ssh-agent/README.md b/plugins/ssh-agent/README.md
index d1a504b1e..1d6914ec6 100644
--- a/plugins/ssh-agent/README.md
+++ b/plugins/ssh-agent/README.md
@@ -21,7 +21,23 @@ zstyle :omz:plugins:ssh-agent agent-forwarding on
 
 ----
 
-To **load multiple identities** use the `identities` style, For example:
+To **NOT load any identities on start** use the `lazy` setting. This is particularly
+useful when combined with the `AddKeysToAgent` setting (available since OpenSSH 7.2),
+since it allows to enter the password only on first use. _NOTE: you can know your
+OpenSSH version with `ssh -V`._
+
+```zsh
+zstyle :omz:plugins:ssh-agent lazy yes
+```
+
+You can enable `AddKeysToAgent` by passing `-o AddKeysToAgent=yes` to the `ssh` command,
+or by adding `AddKeysToAgent yes` to your `~/.ssh/config` file [1].
+See the [OpenSSH 7.2 Release Notes](http://www.openssh.com/txt/release-7.2).
+
+----
+
+To **load multiple identities** use the `identities` style (**this has no effect
+if the `lazy` setting is enabled**). For example:
 
 ```zsh
 zstyle :omz:plugins:ssh-agent identities id_rsa id_rsa2 id_github
diff --git a/plugins/ssh-agent/ssh-agent.plugin.zsh b/plugins/ssh-agent/ssh-agent.plugin.zsh
index 2d7d8a2a0..4bd2dedcc 100644
--- a/plugins/ssh-agent/ssh-agent.plugin.zsh
+++ b/plugins/ssh-agent/ssh-agent.plugin.zsh
@@ -96,7 +96,10 @@ else
   _start_agent
 fi
 
-_add_identities
+# Don't add identities if lazy-loading is enabled
+if ! zstyle -b :omz:plugins:ssh-agent lazy; then
+  _add_identities
+fi
 
 unset agent_forwarding ssh_env_cache
 unfunction _start_agent _add_identities