[Bug 3212] New: Ability to add ssh certiicate to ssh agent to existing private key without rereading private key from filesystem
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Thu Sep 10 01:30:03 AEST 2020
https://bugzilla.mindrot.org/show_bug.cgi?id=3212
Bug ID: 3212
Summary: Ability to add ssh certiicate to ssh agent to existing
private key without rereading private key from
filesystem
Product: Portable OpenSSH
Version: 8.2p1
Hardware: amd64
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh-add
Assignee: unassigned-bugs at mindrot.org
Reporter: george.shuklin at gmail.com
Currently the single way to add a ssh certificate to the ssh agent is
to re-add the private key with corresponding certificate file saved in
the same directory (with -cert.pub suffix).
Some IT systems use short-lived dynamic ssh certificates. To automate
allocations of certificates it would be really nice to have ability to
add ssh certificate to an existing (in the ssh agent) private key,
preferably from stdin.
If ssh private key is encrypted (which is advised configuration for
private keys), adding a certificate together with a private key.
1) impossible to automate.
2) cause excessive typing of the password for users.
Proposition: add ability to add a certificate to the ssh agent without
re-reading private key.
Proposed command line to ssh-add:
- C public_key cert_file Add certificate to the agent based on
public_key. '-' instead of cert_file indicating of use of stdin.
--
You are receiving this mail because:
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list