https://bugzilla.mindrot.org/show_bug.cgi?id=2472
Damien Miller changed:
What|Removed |Added
Status|ASSIGNED|RESOLVED
Resolution|---
https://bugzilla.mindrot.org/show_bug.cgi?id=2472
Celeste Liu changed:
What|Removed |Added
CC||coelacanthus...@gmail.com
https://bugzilla.mindrot.org/show_bug.cgi?id=2472
Phil Frost changed:
What|Removed |Added
CC||ind...@bitglue.com
https://bugzilla.mindrot.org/show_bug.cgi?id=2472
--- Comment #20 from Peter ---
Yes, that's what I do today. I distribute my certificate files so that
they are available locally on all machines that I need it. But that's not a
very scalable solution.
If you are using a combination of PKCS#11 tokens,
https://bugzilla.mindrot.org/show_bug.cgi?id=2472
--- Comment #19 from Jakub Jelen ---
From what I understand, currently the ssh-agent can work with
certificate keys that are available locally to the client.
The issue is that they can not be added to the agent with the keys on
smartcard so
https://bugzilla.mindrot.org/show_bug.cgi?id=2472
--- Comment #18 from Peter ---
Hi!
I'm sorry but I'm not really following.
If I have a private key loaded from a PKCS#11 token, how do I load the
corresponding certificate into the agent? Can't find anything about it
in the ssh-add manual.
https://bugzilla.mindrot.org/show_bug.cgi?id=2472
--- Comment #17 from Thomas Jarosch ---
Yes, the original patch is not needed anymore thanks to other
improvements in openssh. We rolled out the changes in December 2018 and
so far no complaints :)
Basically openssh gained support to sign
https://bugzilla.mindrot.org/show_bug.cgi?id=2472
Damien Miller changed:
What|Removed |Added
Attachment #2934|0 |1
is obsolete|
https://bugzilla.mindrot.org/show_bug.cgi?id=2472
Jakub Jelen changed:
What|Removed |Added
CC||jje...@redhat.com
https://bugzilla.mindrot.org/show_bug.cgi?id=2472
--- Comment #14 from Thomas Jarosch ---
Hi Damien,
I've begun working on this patch set again. It's ported to openssh
7.6p1 already.
What I don't like about the implementation is that it creates an
"empty" private
https://bugzilla.mindrot.org/show_bug.cgi?id=2472
--- Comment #13 from Thomas Jarosch ---
Hi Peter,
I can look into porting the patches to the newest openssh version.
Right now I'm in an update release crunch period at work, so not much
time for other things atm.
https://bugzilla.mindrot.org/show_bug.cgi?id=2472
--- Comment #12 from Peter ---
Worked fine to add the patches to 7.4 but then I get this:
[tl2:~/openssh-7.4p1] petera$ ./ssh-agent -P /usr/lib64/opensc-pkcs11.so -d
setenv SSH_AUTH_SOCK /tmp/ssh-hW8Tsd3WfC0h/agent.22437;
echo
https://bugzilla.mindrot.org/show_bug.cgi?id=2472
--- Comment #11 from Peter ---
Hi Thomas,
Thank you for your work, this seems to be exactly what I'm looking for.
I have my keys on a PKCS#11 provider and need to use the agent to
forward my certificates.
I tried to add these
https://bugzilla.mindrot.org/show_bug.cgi?id=2472
Peter changed:
What|Removed |Added
CC||pe...@pean.org
https://bugzilla.mindrot.org/show_bug.cgi?id=2472
Thomas Jarosch changed:
What|Removed |Added
Attachment #2933|0 |1
https://bugzilla.mindrot.org/show_bug.cgi?id=2472
--- Comment #8 from Thomas Jarosch ---
I'll post an updated patchset against current git
f25ee13b3e81fd80efeb871dc150fe49d7fc8afd.
(this is openssh 7.4p1+)
The code is also available here (for easier review access):
https://bugzilla.mindrot.org/show_bug.cgi?id=2472
--- Comment #7 from Thomas Jarosch ---
Hi Damien,
cooking this patchset a little further:
(In reply to Damien Miller from comment #5)
> Looking at the patch, I like the idea but I don't think we need to
> modify
https://bugzilla.mindrot.org/show_bug.cgi?id=2472
--- Comment #6 from Thomas Jarosch ---
I'm not sure if the "implicit send certificates" approach might be very
cumbersome when using PKCS#11 tokens.
How would one specify the filename for the public certs when using
https://bugzilla.mindrot.org/show_bug.cgi?id=2472
--- Comment #5 from Damien Miller ---
Looking at the patch, I like the idea but I don't think we need to
modify ssh-agent to accommodate it.
Couldn't ssh-add just graft the extra certificates to the private key
and send them?
https://bugzilla.mindrot.org/show_bug.cgi?id=2472
--- Comment #4 from Thomas Jarosch ---
The new code goes in the right direction.
I don't think it covers the use case when you ssh into one machine and
then want to use agent forwarding to ssh into the next machine?
https://bugzilla.mindrot.org/show_bug.cgi?id=2472
Damien Miller changed:
What|Removed |Added
CC||d...@mindrot.org
https://bugzilla.mindrot.org/show_bug.cgi?id=2472
--- Comment #1 from Thomas Jarosch ---
Created attachment 2716
--> https://bugzilla.mindrot.org/attachment.cgi?id=2716&action=edit
Patch part 2/3
https://bugzilla.mindrot.org/show_bug.cgi?id=2472
--- Comment #2 from Thomas Jarosch ---
Created attachment 2717
--> https://bugzilla.mindrot.org/attachment.cgi?id=2717&action=edit
Patch part 3/3