[Bug 3462] New: Dynamically load resident keys from smartcard (to work with AddKeysToAgent)

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Thu Jul 14 00:24:32 AEST 2022


https://bugzilla.mindrot.org/show_bug.cgi?id=3462

            Bug ID: 3462
           Summary: Dynamically load resident keys from smartcard (to work
                    with AddKeysToAgent)
           Product: Portable OpenSSH
           Version: v9.0p1
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: ssh
          Assignee: unassigned-bugs at mindrot.org
          Reporter: mg at max.gautier.name

This is a feature request to support dynamically loading so-called
"resident keys" from a hardware token, and adding them to the ssh-agent.

When using an on-disk key:

# ssh agent was started
# AddKeysToAgent set to yes in ~/.ssh/config

ssh user@host
Enter passphrase:
Added key to agent
# Connection proceeds and next connection does not ask for passphrase

----
# When using a resident key (not requiring PIN, requiring user
# presence check), the key handle is not present on disk.

# ssh agent was started 

ssh-add -K
Enter PIN:
Resident identity added: <key>

ssh user@host
# Connection proceeds and next connection does not ask for passphrase

Would it be possible to eliminate the need for the ssh-add -K, and try
to use resident keys for connected tokens, and then add them to the
agent? Is that something openssh could/should support at all?

Thanks

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
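
A possible stopgap for the workflow described in the report, as an added example that is not part of the original message and not OpenSSH code: a shell wrapper that runs ssh-add -K only when the agent lists no FIDO-backed identity. The wrapper name ssh_with_resident_keys, the helper names and the sample listing are constructed for illustration.

```sh
#!/bin/sh
# Added example (not OpenSSH code): load resident keys with `ssh-add -K`
# only when the agent holds no FIDO-backed identity, then run ssh.

# Constructed sample of `ssh-add -l` output (fingerprints are placeholders).
SAMPLE_LISTING='256 SHA256:PLACEHOLDERFINGERPRINT1 user@laptop (ED25519)
256 SHA256:PLACEHOLDERFINGERPRINT2 token-key (ED25519-SK)'

# Count FIDO-backed identities in `ssh-add -l` output read from stdin.
# Each listing line ends with the key type in parentheses; keys backed by
# an authenticator are listed as ED25519-SK or ECDSA-SK.
count_sk_identities() {
    awk '$NF == "(ED25519-SK)" || $NF == "(ECDSA-SK)" { n++ } END { print n + 0 }'
}

# Decide what to do from the exit status of `ssh-add -l` and its output.
# Prints one of: load, skip, no-agent.
resident_key_action() {
    status=$1
    listing=$2
    case "$status" in
        0) if [ "$(printf '%s\n' "$listing" | count_sk_identities)" -gt 0 ]; then
               echo skip     # a token-backed key is already in the agent
           else
               echo load     # only on-disk keys are loaded
           fi ;;
        1) echo load ;;      # agent reachable, but it has no identities
        *) echo no-agent ;;  # 2: the agent could not be contacted
    esac
}

# Hypothetical wrapper; call it in place of `ssh`.
ssh_with_resident_keys() {
    listing=$(ssh-add -l 2>/dev/null)
    status=$?
    case "$(resident_key_action "$status" "$listing")" in
        load) ssh-add -K || echo "no resident keys loaded" >&2 ;;
        no-agent) echo "ssh-agent not reachable; start it first" >&2 ;;
    esac
    ssh "$@"
}
```

The PIN prompt from ssh-add -K still appears the first time; the wrapper only removes the need to remember the extra command.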