On Wed, 2018-04-11 at 11:40 +0200, Jan Schermer wrote: > Slightly OT question - is there a way to make ssh-agent work with > keys in a PKCS#11 module and a certificate? I can make the ssh client > work (add the key to agent and the default cert gets used by > default), but the cert can’t be added to ssh-agent … No, it is not possible. There is a patch in bugzilla [1], which does it the "ugly" way without modifying ssh-agent protocol, because there is no message that would fit this use case. Better way would be to adjust the ssh-agent protocol with new messages supporting this protocol, but nobody implemented this yet. [1] https://bugzilla.mindrot.org/show_bug.cgi?id=2472 -- Jakub Jelen Software Engineer Security Technologies Red Hat, Inc. _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev