PrivateKeyCommand config idea

Bernd Eckenfels ecki at
Tue Mar 12 12:05:13 AEDT 2024

BTW not for your usecase with the decryption, but if people want to dynamically create/provision short lived
keys, they could use „match host * exec %s“ config to run a program before each connection.
However it can’t stdout the key material, but what it could do is update a temporary Idendity file or
push it short-lived with ssh-add to the running (standard) agent.

openssh at wrote on 11. Mar 2024 22:15 (GMT +01:00):

> Hmm, okay, I just realized the protocol has a full specification at
> Would it be
> possible to get that protocol added to the list of manuals which typically
> get installed with the OpenSSH package?


More information about the openssh-unix-dev mailing list