On Fri, 10 Sep 2021, Brian Candler wrote:

> There was also a discussion on this topic earlier this year, with subject
> "Insert certificate into agent for existing key?"
>
> https://marc.info/?l=openssh-unix-dev&w=4&r=1&s=insert+certificate+into+agent&q=b

Yeah, adding just certificates to the agent requires protocol extensions
to match them against already loaded private keys. It's messy and
complicated in a piece of code that we really don't want to be messy and
complicated.

But you don't actually need to load a certificate into an agent to use it
with an agent! You can just have the private key in the agent and specify
CertificateFile in ~/.ssh/config or on the command-line and ssh will
match the private key to the certificate when it is time to use it
(well, it should anyway).

-d

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
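
A preflight check for the setup described in the message above, as an added example that is not part of the original email or of OpenSSH: it compares the fingerprint of the public key inside a certificate file with the keys listed by `ssh-add -l`. The function names, key names, certificate identities and temporary paths are constructed for the demonstration.

```sh
#!/bin/sh
# Added example. Preflight check: does ssh-agent hold the private key that a
# given certificate file was issued for? All names and paths are constructed.

# Print the SHA256 fingerprint of the public key embedded in certificate $1.
cert_fingerprint() {
    ssh-keygen -L -f "$1" |
        awk '$1 == "Public" && $2 == "key:" { print $4; exit }'
}

# Return 0 if the agent at $SSH_AUTH_SOCK lists a key with that fingerprint,
# 1 if it does not, 2 if the certificate could not be read.
agent_has_key_for_cert() {
    fp=$(cert_fingerprint "$1")
    [ -n "$fp" ] || return 2
    ssh-add -l 2>/dev/null |
        awk -v fp="$fp" '$2 == fp { found = 1 } END { exit !found }'
}

# Throwaway CA, two user keys and a private agent, all inside a subshell.
# Only the private key of "user" is loaded; no certificate goes into the agent.
demo() (
    dir=$(mktemp -d) || exit 1
    eval "$(ssh-agent -s)" >/dev/null || exit 1
    trap 'ssh-agent -k >/dev/null 2>&1; rm -rf "$dir"' EXIT
    ssh-keygen -q -t ed25519 -N '' -f "$dir/ca" &&
    ssh-keygen -q -t ed25519 -N '' -f "$dir/user" &&
    ssh-keygen -q -t ed25519 -N '' -f "$dir/other" &&
    ssh-keygen -q -s "$dir/ca" -I demo-id -n demo-user "$dir/user.pub" &&
    ssh-keygen -q -s "$dir/ca" -I other-id -n demo-user "$dir/other.pub" ||
        exit 1
    # Move the certificate away so ssh-add cannot load it next to the key.
    mv "$dir/user-cert.pub" "$dir/detached-cert.pub"
    ssh-add -q "$dir/user" || exit 1
    agent_has_key_for_cert "$dir/detached-cert.pub" || exit 3  # must match
    agent_has_key_for_cert "$dir/other-cert.pub" && exit 4     # must not match
    # With a match, the certificate is then named at connect time, e.g.
    #   ssh -o CertificateFile=/path/to/detached-cert.pub user@host
    exit 0
)
```

`agent_has_key_for_cert` can be run on its own against a real certificate file before connecting; `demo` only exercises it with throwaway keys.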