Finding a resident key stored in an agent without a corresponding file?

I have a question about SK keys when there are more than 6 keys in the
agent.

If I have added an SK key as resident to a hardware token, using the -O
resident option with ssh-keygen(1), then the -K option with ssh-add(1)
will get the resident key later from the token and store it in the agent.

$ ssh-add -K

With six or fewer keys in the agent, assuming default MaxAuthTries in
the server, it is then only a matter of having the SSH client use the
agent and the right key will be found.  However, with many keys already
in the agent, the key has to be specified explicitly or the 'wrong' keys
will get tried first.

I'd like to point the client directly to the resident key without first
extracting the resident key and saving it to the file system.  How may I
tell the SSH client which key to use without a file on disk?

$ ssh-add -l | awk '{print $1, $NF}'
256 (ED25519)
256 (ED25519)
2048 (RSA)
256 (ED25519)
256 (ED25519)
256 (ED25519)
4096 (RSA)
4096 (RSA)
4096 (RSA)
256 (ED25519)
256 (ECDSA-SK)
256 (ECDSA-SK)
256 (ECDSA-SK)
256 (ECDSA-SK)
256 (ECDSA-SK)
256 (ECDSA-SK)
256 (ED25519)
256 (ECDSA-SK)
256 (ED25519-SK)

/Lars
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
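
As an added illustration (not part of the original post), the shell functions below number the keys in `ssh-add -l` output in listing order and mark which positions fall beyond a server's MaxAuthTries, which defaults to 6 in sshd_config. It assumes the client offers agent keys in the order the agent lists them and tries nothing else first; the function names and the sample listing with its placeholder fingerprints are constructed.

```shell
#!/bin/sh
# Added example: where does each agent key sit relative to MaxAuthTries?
# Input on stdin: `ssh-add -l` style lines,
#   "<bits> <fingerprint> <comment...> (<TYPE>)"
# Assumption: agent keys are offered in listing order, nothing tried first.

# Print "<position> <type> <fingerprint> <within|beyond>" for each key.
# $1 = server MaxAuthTries (defaults to 6, the sshd_config default).
agent_key_positions() {
    awk -v max="${1:-6}" '
        NF >= 3 {
            n++
            type = $NF
            gsub(/[()]/, "", type)          # "(ECDSA-SK)" -> "ECDSA-SK"
            status = (n <= max) ? "within" : "beyond"
            printf "%d %s %s %s\n", n, type, $2, status
        }'
}

# Count the FIDO (-SK) keys the server would never get to see.
sk_keys_beyond_limit() {
    agent_key_positions "${1:-6}" |
        awk '$2 ~ /-SK$/ && $4 == "beyond" { c++ } END { print c + 0 }'
}

# Constructed sample listing; fingerprints and comments are placeholders.
sample_agent_listing() {
    cat <<'EOF'
256 SHA256:EXAMPLE01 user@host (ED25519)
256 SHA256:EXAMPLE02 user@host (ED25519)
2048 SHA256:EXAMPLE03 user@host (RSA)
4096 SHA256:EXAMPLE04 user@host (RSA)
256 SHA256:EXAMPLE05 user@host (ED25519)
4096 SHA256:EXAMPLE06 user@host (RSA)
256 SHA256:EXAMPLE07 token-a (ECDSA-SK)
256 SHA256:EXAMPLE08 token-b (ED25519-SK)
EOF
}
```

Against a live agent, pipe the real listing in: `ssh-add -l | agent_key_positions 6`.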