[Bug 3212] Ability to add ssh certificate to ssh agent to existing private key without rereading private key from filesystem
bugzilla-daemon at mindrot.org
Mon Jan 19 23:45:35 AEDT 2026
https://bugzilla.mindrot.org/show_bug.cgi?id=3212
--- Comment #2 from George Shuklin <george.shuklin at gmail.com> ---
I kinda miss the concern here.
There is ssh-agent, running. It's already in possession of the user
private key (it was added by the user).
If the agent asks for proof for the client, the client will come back to
the agent to ask to sign the request, so it's literally a loop.
Also, what's wrong about having an additional certificate added?
Imagine, someone added an incorrect certificate, for which we don't have a
private key in the agent. It is broken and can't be used. What else bad
can happen?