Signed SSH key issue with OpenSSH6.4p1

Jakub Jelen jjelen at redhat.com
Wed Apr 11 20:00:56 AEST 2018


On Wed, 2018-04-11 at 11:40 +0200, Jan Schermer wrote:
> Slightly OT question - is there a way to make ssh-agent work with
> keys in a PKCS#11 module and a certificate? I can make the ssh client
> work (add the key to agent and the default cert gets used by
> default), but the cert can’t be added to ssh-agent …

No, it is not possible. There is a patch in bugzilla [1], which does it
the "ugly" way without modifying the ssh-agent protocol, because there is
no message that would fit this use case. A better way would be to adjust
the ssh-agent protocol with new messages supporting this protocol, but
nobody has implemented this yet.

[1] https://bugzilla.mindrot.org/show_bug.cgi?id=2472

-- 
Jakub Jelen
Software Engineer
Security Technologies
Red Hat, Inc.
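
To check what an agent actually holds after loading a PKCS#11 key, the following added example (not from this thread or from OpenSSH) parses an SSH_AGENT_IDENTITIES_ANSWER reply, as laid out in the ssh-agent protocol draft, and flags which identities are certificates. The function names, provider path and sample bytes are constructed for illustration.

```python
import struct

SSH_AGENT_IDENTITIES_ANSWER = 12  # reply to SSH_AGENTC_REQUEST_IDENTITIES (11)
CERT_SUFFIX = "-cert-v01@openssh.com"  # OpenSSH certificate key type suffix


def _read_string(buf, off):
    """Read one SSH 'string' (uint32 length + bytes); return (value, next offset)."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    if off + n > len(buf):
        raise ValueError("truncated string body")
    return buf[off:off + n], off + n


def list_identities(payload):
    """Parse an IDENTITIES_ANSWER payload (outer uint32 frame length removed).

    Returns a list of (key_type, comment, is_certificate) tuples."""
    if len(payload) < 5 or payload[0] != SSH_AGENT_IDENTITIES_ANSWER:
        raise ValueError("not an SSH_AGENT_IDENTITIES_ANSWER message")
    (count,) = struct.unpack_from(">I", payload, 1)
    off, found = 5, []
    for _ in range(count):
        blob, off = _read_string(payload, off)      # public key or certificate blob
        comment, off = _read_string(payload, off)
        raw_type, _ = _read_string(blob, 0)         # blob starts with its key type
        key_type = raw_type.decode("ascii", "replace")
        found.append((key_type, comment.decode("utf-8", "replace"),
                      key_type.endswith(CERT_SUFFIX)))
    return found


def _s(data):
    """Encode bytes as an SSH 'string' (helper for the constructed sample)."""
    return struct.pack(">I", len(data)) + data


# Constructed sample reply: one plain key with a hypothetical provider path as
# its comment, and one file-based certificate. Key material is dummy padding.
SAMPLE = (bytes([SSH_AGENT_IDENTITIES_ANSWER]) + struct.pack(">I", 2)
          + _s(_s(b"ssh-rsa") + b"\x00" * 8) + _s(b"/usr/lib/pkcs11/example.so")
          + _s(_s(b"ssh-ed25519-cert-v01@openssh.com") + b"\x00" * 8)
          + _s(b"user@host"))

if __name__ == "__main__":
    for key_type, comment, is_cert in list_identities(SAMPLE):
        print(f"{'cert' if is_cert else 'key '}  {key_type}  {comment}")
```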

