[Bug 3212] New: Ability to add ssh certificate to ssh agent to existing private key without rereading private key from filesystem

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Thu Sep 10 01:30:03 AEST 2020


https://bugzilla.mindrot.org/show_bug.cgi?id=3212

            Bug ID: 3212
           Summary: Ability to add ssh certificate to ssh agent to existing
                    private key without rereading private key from
                    filesystem
           Product: Portable OpenSSH
           Version: 8.2p1
          Hardware: amd64
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: ssh-add
          Assignee: unassigned-bugs at mindrot.org
          Reporter: george.shuklin at gmail.com

Currently the only way to add an ssh certificate to the ssh agent is
to re-add the private key with the corresponding certificate file saved in
the same directory (with -cert.pub suffix).

Some IT systems use short-lived dynamic ssh certificates. To automate
allocation of certificates it would be really nice to have the ability to
add an ssh certificate to an existing (in the ssh agent) private key,
preferably from stdin.

If the ssh private key is encrypted (which is the advised configuration for
private keys), adding a certificate together with a private key:
1) is impossible to automate.
2) causes excessive typing of the password for users.

Proposition: add the ability to add a certificate to the ssh agent without
re-reading the private key.

Proposed command line to ssh-add:

-C public_key cert_file     Add certificate to the agent based on
public_key. '-' instead of cert_file indicates use of stdin.
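
A pre-check that automation issuing short-lived certificates could run before pairing a fresh certificate with a key: confirm the certificate embeds the given public key and is inside its validity window. This is an added example, not part of the bug report and not OpenSSH code; it handles ed25519 only, does not verify the CA signature, and all function names and the sample data are constructed for illustration.

```python
import base64
import struct
CERT_TYPE = b"ssh-ed25519-cert-v01@openssh.com"
KEY_TYPE = b"ssh-ed25519"

def put_string(data):  # SSH wire "string": uint32 length, then the bytes
    return struct.pack(">I", len(data)) + data

def get_string(buf, off):  # returns (bytes, offset of the next field)
    (length,) = struct.unpack_from(">I", buf, off)
    end = off + 4 + length
    if end > len(buf):
        raise ValueError("truncated blob")
    return buf[off + 4:end], end

def decode_line(line, expected_type):
    """Decode a .pub / -cert.pub line and check both type fields."""
    name, b64 = line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    ktype, off = get_string(blob, 0)
    if name.encode() != expected_type or ktype != expected_type:
        raise ValueError("unexpected key type")
    return blob, off

def parse_cert(cert_line):
    """Return (public key, valid_after, valid_before) from a -cert.pub line."""
    blob, off = decode_line(cert_line, CERT_TYPE)
    _nonce, off = get_string(blob, off)
    pubkey, off = get_string(blob, off)
    _key_id, off = get_string(blob, off + 12)  # skip uint64 serial, uint32 type
    _principals, off = get_string(blob, off)
    valid_after, valid_before = struct.unpack_from(">QQ", blob, off)
    return pubkey, valid_after, valid_before

def cert_usable_for(cert_line, pub_line, now):
    """True if the certificate embeds this public key and is within validity."""
    blob, off = decode_line(pub_line, KEY_TYPE)
    pubkey, valid_after, valid_before = parse_cert(cert_line)
    return pubkey == get_string(blob, off)[0] and valid_after <= now < valid_before

def make_sample(pubkey, valid_after, valid_before):
    """Constructed (pub line, cert line); CA key and signature are placeholders."""
    body = (put_string(CERT_TYPE) + put_string(b"\0" * 16) + put_string(pubkey)
            + struct.pack(">QI", 1, 1) + put_string(b"constructed-key-id")
            + put_string(put_string(b"alice")) + struct.pack(">QQ", valid_after, valid_before)
            + put_string(b"") * 3 + put_string(b"placeholder") * 2)
    pub_blob = put_string(KEY_TYPE) + put_string(pubkey)
    return tuple((t + b" " + base64.b64encode(b)).decode()
                 for t, b in ((KEY_TYPE, pub_blob), (CERT_TYPE, body)))
```

Pass the current Unix time as `now`; a certificate counts as expired once `now` reaches `valid_before`.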
