I'm not sure if this is the correct place to post this. Apologies if not. In September 2018 I wrote to the list about my interest in the pam-ussh project following Peter Moody's post on Medium about it: https://medium.com/uber-security-privacy/introducing-the-uber-ssh-certificate-authority-4f840839c5cc Using short-lived certificates that could be added to forwarded agents seemed a promising idea, and I asked the list for comments on whether it was advisable (some said not) and how it might be done. Happily, Peter himself responded and pointed me to go's ssh packages. It has taken me over a year to get around to learning some go and, recently, attempting a proof-of-concept project for adding certificates to the forwarded agents of public-key authenticated clients. The project is here in case anyone is interested in it: https://github.com/rorycl/sshagentca Beware the beginner code. Many thanks to Peter for his comments, and for the useful resources made available by scalingo -- amongst others -- on github, together with the comments from this on this idea back in 2018. Rory _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev