Finding a resident key stored in an agent without a corresponding file?

Lars Noodén lars.nooden at gmx.com
Mon Mar 22 01:36:13 AEDT 2021


I have a question about SK keys when there are more than 6 keys in the
agent.

If I have added an SK key as resident to a hardware token, using the -O
resident option with ssh-keygen(1), then the -K option with ssh-add(1)
will get the resident key later from the token and store it in the agent.

$ ssh-add -K

With six or fewer keys in the agent, assuming default MaxAuthTries in
the server, it is then only a matter of having the SSH client use the
agent and the right key will be found.  However, with many keys already
in the agent, the key has to be specified explicitly or the 'wrong' keys
will get tried first.

I'd like to point the client directly to the resident key without first
extracting the resident key and saving it to the file system.  How may I
tell the SSH client which key to use without a file on disk?

$ ssh-add -l | awk '{print $1, $NF}'
256 (ED25519)
256 (ED25519)
2048 (RSA)
256 (ED25519)
256 (ED25519)
256 (ED25519)
4096 (RSA)
4096 (RSA)
4096 (RSA)
256 (ED25519)
256 (ECDSA-SK)
256 (ECDSA-SK)
256 (ECDSA-SK)
256 (ECDSA-SK)
256 (ECDSA-SK)
256 (ECDSA-SK)
256 (ED25519)
256 (ECDSA-SK)
256 (ED25519-SK)

/Lars
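As an added example (not part of the post above and not OpenSSH's own code), a small POSIX sh check over an `ssh-add -l` listing: it reports where a given key sits in the agent's order and whether the keys listed ahead of it would already use up a default MaxAuthTries of 6. The listing is constructed to match the key types shown above; its fingerprints and comments are made up.

```shell
#!/bin/sh
# Added example: locate a key in `ssh-add -l` output and decide whether the
# client will still be allowed to offer it, given that every key sshd
# rejects before it counts as one failure against MaxAuthTries (default 6).
MAX_AUTH_TRIES=6

# Constructed listing in `ssh-add -l` shape (bits, fingerprint, comment, type).
# The type column follows the post; fingerprints and comments are placeholders.
SAMPLE_LISTING='256 SHA256:fp01placeholder laptop (ED25519)
256 SHA256:fp02placeholder backup (ED25519)
2048 SHA256:fp03placeholder legacy (RSA)
256 SHA256:fp04placeholder build (ED25519)
256 SHA256:fp05placeholder deploy (ED25519)
256 SHA256:fp06placeholder git (ED25519)
4096 SHA256:fp07placeholder old-1 (RSA)
4096 SHA256:fp08placeholder old-2 (RSA)
4096 SHA256:fp09placeholder old-3 (RSA)
256 SHA256:fp10placeholder misc (ED25519)
256 SHA256:fp11placeholder token-a (ECDSA-SK)
256 SHA256:fp12placeholder token-b (ECDSA-SK)
256 SHA256:fp13placeholder token-c (ECDSA-SK)
256 SHA256:fp14placeholder token-d (ECDSA-SK)
256 SHA256:fp15placeholder token-e (ECDSA-SK)
256 SHA256:fp16placeholder token-f (ECDSA-SK)
256 SHA256:fp17placeholder spare (ED25519)
256 SHA256:fp18placeholder token-g (ECDSA-SK)
256 SHA256:fp19placeholder token-resident (ED25519-SK)'

# key_position LISTING PATTERN
# Prints the 1-based position of the first line containing PATTERN
# (a fingerprint or a type such as "(ED25519-SK)"), or 0 if absent.
key_position() {
    printf '%s\n' "$1" | awk -v pat="$2" '
        index($0, pat) { found = 1; print NR; exit }
        END { if (!found) print 0 }'
}

# key_reachable LISTING PATTERN
# Prints "yes" if the key is offered before MaxAuthTries failures accumulate
# (assumes ssh tries agent keys in listing order with no IdentityFile set).
key_reachable() {
    pos=$(key_position "$1" "$2")
    if [ "$pos" -ge 1 ] && [ "$pos" -le "$MAX_AUTH_TRIES" ]; then
        echo yes
    else
        echo no
    fi
}
```

On a real system, pass `"$(ssh-add -l)"` as the listing and the token key's SHA256 fingerprint as the pattern.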