- ssh-keygen will fail hard if it doesn't find what it needs, even when

quiet
- Don't find "$PATH_PUBKEYS_DIR/" if it doesn't exist
- Retrieve CA comment only inside find, when it's really needed
- Quiet down ssh-keygen in get_ca_sk_comment_from_pk if ca.pub is not
  present

cassh.sh

@@ -33,7 +33,7 @@ err()
 # present.
 get_ca_sk_comment_from_pk()
 {
-	ssh-keygen -lf "$1" | {
+	ssh-keygen -lf "$1" 2>/dev/null | {
 		read -r pk_sz pk_fp pk_extra
 		_comment=$(ssh-add -l | while read -r sk_sz sk_fp sk_extra; do
 			if [ "X$sk_fp" = "X$pk_fp" ]; then
@@ -117,24 +117,18 @@ main_issue()
 		usage
 	fi
 
-	if [ ! -f "$PATH_CA_PUB" ]; then
-		err "no $PATH_CA_PUB found"
-	fi
-	if ! ssh-add $qflag $vflag -T "$PATH_CA_PUB"; then
-		err "can't use CA key"
-	fi
-	if [ ! -d "$PATH_PUBKEYS_DIR/" ]; then
-		err "no pubkeys directory found"
-	fi
-
 	if [ ! -f "$PATH_CA_SERIAL" ]; then
 		echo 0 >"$PATH_CA_SERIAL"
 	fi
 	read -r serial <"$PATH_CA_SERIAL"
 
-	ca_comment=$(get_ca_sk_comment_from_pk "$PATH_CA_PUB")
+	if [ ! -d "$PATH_PUBKEYS_DIR" ]; then
-	: ${ca_comment:=cassh}
+		exit 0
+	fi
 	find "$PATH_PUBKEYS_DIR/" -type f -name '*.pub' ! -name '*-cert.pub' | {
+		ca_comment=$(get_ca_sk_comment_from_pk "$PATH_CA_PUB")
+		: ${ca_comment:=cassh}
+
 		while read -r pk; do
 			pkname=${pk%.pub}
 			pkname=${pkname#$PATH_PUBKEYS_DIR/}