[Bug 2377] New: Add ssh-agent support to ssh-keygen
bugzilla-daemon at mindrot.org
Mon Apr 13 18:14:21 AEST 2015
https://bugzilla.mindrot.org/show_bug.cgi?id=2377
Bug ID: 2377
Summary: Add ssh-agent support to ssh-keygen
Product: Portable OpenSSH
Version: 6.9p1
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh-keygen
Assignee: unassigned-bugs at mindrot.org
Reporter: boleslaw.tokarski at gmail.com

The only way for ssh-keygen to generate a certificate is currently to
access the private key representing the CA from a file, or open the
pkcs11 smartcard on its own.

This makes it cumbersome to automate, as either the key is unencrypted,
and/or the card is PINless, as otherwise every signing attempt forces a
manual password/PIN prompt.

If ssh-keygen was able to access ssh-agent, it would be up to ssh-agent
to hold the unencrypted private key, or to keep the pkcs11 smartcard
open after having requested the PIN once. It could also be up to the
ssh-agent feature of gpg-agent to use a GnuPG card natively.

Use case:
http://lists.mindrot.org/pipermail/openssh-unix-dev/2015-April/033813.html