[Bug 2472] Add support to load additional certificates

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Fri Nov 13 14:07:25 AEDT 2015


https://bugzilla.mindrot.org/show_bug.cgi?id=2472

--- Comment #5 from Damien Miller <djm at mindrot.org> ---
Looking at the patch, I like the idea but I don't think we need to
modify ssh-agent to accommodate it.

Couldn't ssh-add just graft the extra certificates to the private key
and send them? This is similar to how it send implicit *-cert.pub
certificates now.

It might be a little more hassle for the user, since they will need to
have their private keys available at the same time as their
certificates, but IMO users shouldn't be able to add keys to an agent
*without* presenting their private section.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.


More information about the openssh-bugs mailing list