[Bug 2472] Add support to load additional certificates

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Tue Jan 22 22:12:57 AEDT 2019


https://bugzilla.mindrot.org/show_bug.cgi?id=2472

--- Comment #19 from Jakub Jelen <jjelen at redhat.com> ---
>From what I understand, currently the ssh-agent can work with
certificate keys that are available locally to the client.

The issue is that they can not be added to the agent with the keys on
smartcard so both of them could be atomically forwarded to be used on
remote hosts, which was one of the requests in this bug (comment #11).

Clearly updating this will require updating also the ssh-agent protocol
[1] and other tools talking this protocol if we do not want to break
time (draft is already expired). The question is if is reasonable to
extend the protocol this way or the extension negotiation mechanism
(since it is available) should be used. The protocol is already used
for a long time, but no official RFC is out so 

[1] https://tools.ietf.org/html/draft-miller-ssh-agent-02

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.


More information about the openssh-bugs mailing list