A quick question (I hope): I built an SSH user CA that would allow users to SSH in (using their keypair) and thus trigger creation of a matching cert. What I would *like* to do is to (add agent forwarding to the login and) have the CA load the cert straight into the agent.

What happens is that doing an ssh-add on the CA fails because it cannot find the *private* key in a local file, and even when I download the cert and do the ssh-add locally, I need to enter the passphrase into the terminal, presumably because it does read the privkey from its file as well - in spite of the fact that the privkey is already loaded in the agent all the time.

Is this a principal limitation of the code/protocol/security model, something I can work around (though I don't yet see how), a feature request with a chance of getting implemented, ... ?

Kind regards,
--
Jochen Bern
Systems Engineer
Binect GmbH
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
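An added example (my own code, not from the post above and not OpenSSH's) that makes the observed behaviour concrete. It encodes and parses an OpenSSH user certificate in the PROTOCOL.certkeys layout for ssh-ed25519-cert-v01@openssh.com, writes and reads the one-line <key>-cert.pub form, runs the checks a client should make before calling ssh-add (does the certificate's embedded public key match the key in the agent, is it a user certificate, is it inside its validity window), and builds the SSH_AGENTC_ADD_IDENTITY request from PROTOCOL.agent that ssh-add sends for a certificate identity. That request carries the private key as a mandatory field, and the agent protocol has no request that attaches a certificate to a key the agent already holds, which is why ssh-add must read the private key file (and ask for its passphrase) even when the bare key is loaded. The key bytes, nonce and CA signature are constructed dummies with the right encoding and no cryptographic validity; all function names are mine.

```python
import base64
import struct
import time

CERT_TYPE = b"ssh-ed25519-cert-v01@openssh.com"
SSH_CERT_TYPE_USER = 1
SSH_AGENTC_ADD_IDENTITY = 17      # PROTOCOL.agent message number

# SSH wire-type encoders (RFC 4251 string / uint32 / uint64).
def ssh_string(b): return struct.pack(">I", len(b)) + b
def ssh_u32(n): return struct.pack(">I", n)
def ssh_u64(n): return struct.pack(">Q", n)

# Constructed dummy key material: not a real ed25519 key pair.
USER_PUB = bytes(range(32))
USER_SEED = bytes(range(32, 64))
CA_PUB_BLOB = ssh_string(b"ssh-ed25519") + ssh_string(bytes(range(64, 96)))


class Reader:
    """Sequential decoder for the SSH wire types used in certificates."""
    def __init__(self, data: bytes):
        self.data, self.pos = data, 0

    def _take(self, fmt):
        (v,) = struct.unpack_from(fmt, self.data, self.pos)
        self.pos += struct.calcsize(fmt)
        return v

    def u32(self): return self._take(">I")
    def u64(self): return self._take(">Q")

    def string(self) -> bytes:
        n = self.u32()
        s = self.data[self.pos:self.pos + n]
        if len(s) != n:
            raise ValueError("truncated string")
        self.pos += n
        return s

    def strings(self):
        while self.pos < len(self.data):
            yield self.string()


def dummy_sign(data: bytes) -> bytes:
    """Stand-in for the CA's ed25519 signature: correct encoding, not verifiable."""
    return ssh_string(b"ssh-ed25519") + ssh_string(b"\x00" * 64)


def build_user_cert(pub, serial, key_id, principals, valid_after, valid_before,
                    extensions=(b"permit-pty",), ca_pub_blob=CA_PUB_BLOB,
                    sign=dummy_sign, nonce=b"\x00" * 32):
    """Encode a user certificate body in PROTOCOL.certkeys field order and append
    the CA signature over it. Extensions are flag-style (empty data)."""
    body = (ssh_string(CERT_TYPE) + ssh_string(nonce) + ssh_string(pub)
            + ssh_u64(serial) + ssh_u32(SSH_CERT_TYPE_USER) + ssh_string(key_id)
            + ssh_string(b"".join(ssh_string(p) for p in principals))
            + ssh_u64(valid_after) + ssh_u64(valid_before)
            + ssh_string(b"")                                   # critical options
            + ssh_string(b"".join(ssh_string(e) + ssh_string(b"") for e in extensions))
            + ssh_string(b"")                                   # reserved
            + ssh_string(ca_pub_blob))                          # signature key
    return body + ssh_string(sign(body))


def _pairs(b: bytes) -> dict:
    """Decode the name/data pairs used for critical options and extensions."""
    items = list(Reader(b).strings())
    return {items[i].decode(): items[i + 1] for i in range(0, len(items), 2)}


def parse_cert(blob: bytes) -> dict:
    """Decode the certificate; the signature is returned, not verified."""
    r = Reader(blob)
    if r.string() != CERT_TYPE:
        raise ValueError("not an ssh-ed25519 certificate")
    c = {"nonce": r.string(), "pub": r.string(), "serial": r.u64(),
         "type": r.u32(), "key_id": r.string().decode()}
    c["principals"] = [p.decode() for p in Reader(r.string()).strings()]
    c["valid_after"], c["valid_before"] = r.u64(), r.u64()
    c["critical_options"], c["extensions"] = _pairs(r.string()), _pairs(r.string())
    r.string()                                                  # reserved
    c["signature_key"], c["signature"] = r.string(), r.string()
    return c


def cert_pub_line(blob: bytes, comment: str) -> str:
    """The one-line form ssh-keygen -s writes to <key>-cert.pub."""
    return f"{CERT_TYPE.decode()} {base64.b64encode(blob).decode()} {comment}"


def load_cert_pub_line(line: str) -> bytes:
    ktype, b64 = line.split()[:2]
    if ktype.encode() != CERT_TYPE:
        raise ValueError("unexpected key type " + ktype)
    return base64.b64decode(b64)


def check_cert(blob: bytes, agent_pub: bytes, now=None) -> list:
    """Checks worth running before touching ssh-add: the certificate belongs to
    the key the agent holds, is a user certificate, and is currently valid."""
    c = parse_cert(blob)
    now = int(time.time()) if now is None else now
    problems = []
    if c["pub"] != agent_pub:
        problems.append("certificate public key does not match agent key")
    if c["type"] != SSH_CERT_TYPE_USER:
        problems.append("not a user certificate")
    if not c["valid_after"] <= now < c["valid_before"]:
        problems.append("outside validity period")
    return problems


def build_add_identity(cert_blob, pub, seed, comment: bytes) -> bytes:
    """SSH_AGENTC_ADD_IDENTITY for an ed25519 certificate (PROTOCOL.agent 3.2.1).
    The private key (seed || pub) is a mandatory field: no request exists that
    attaches a certificate to a key the agent already holds, so ssh-add has to
    read (and decrypt) the private key file even when the bare key is loaded."""
    if len(pub) != 32 or len(seed) != 32:
        raise ValueError("ed25519 public key and seed must be 32 bytes each")
    body = (bytes([SSH_AGENTC_ADD_IDENTITY]) + ssh_string(CERT_TYPE)
            + ssh_string(cert_blob) + ssh_string(pub) + ssh_string(seed + pub)
            + ssh_string(comment))
    return ssh_u32(len(body)) + body                            # socket framing
```

For real certificates the same fields can be inspected with ssh-keygen -L -f <key>-cert.pub; check_cert is the programmatic equivalent a CA-side tool could run before handing the certificate to a client. Note also that using a certificate with an agent-held key does not require re-adding it at all: ssh(1) reads a <key>-cert.pub sitting beside the IdentityFile (or the file named by the CertificateFile option) and pairs it with the private key from the agent, so downloading the cert to that path is enough for logins even though ssh-add itself insists on the private key file.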