[Bug 2472] Add support to load additional certificates

2023-11-02 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=2472 Damien Miller changed: What|Removed |Added Status|ASSIGNED|RESOLVED Resolution|---

[Bug 2472] Add support to load additional certificates

2023-09-14 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=2472 Celeste Liu changed: What|Removed |Added CC||coelacanthus...@gmail.com -- You are

[Bug 2472] Add support to load additional certificates

2020-06-15 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=2472 Phil Frost changed: What|Removed |Added CC||ind...@bitglue.com -- You are receiving

[Bug 2472] Add support to load additional certificates

2019-01-22 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=2472 --- Comment #20 from Peter --- Yes, thats what I do today. I distribute my certificate files so that are available locally on all machines that I need it. But thats not a very scalable solution. If you are using a combination of PKCS#11 tokens,

[Bug 2472] Add support to load additional certificates

2019-01-22 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=2472 --- Comment #19 from Jakub Jelen --- >From what I understand, currently the ssh-agent can work with certificate keys that are available locally to the client. The issue is that they can not be added to the agent with the keys on smartcard so

[Bug 2472] Add support to load additional certificates

2019-01-22 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=2472 --- Comment #18 from Peter --- Hi! Im sorry but Im not really following. If I have a private key loaded from a PKCS#11 token, how do I load the corresponding certificate into the agent? Cant find anything about it in the ssh-add manual.

[Bug 2472] Add support to load additional certificates

2019-01-22 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=2472 --- Comment #17 from Thomas Jarosch --- Yes, the original patch is not needed anymore thanks to other improvements in openssh. We rolled out the changes in December 2018 and so far no complaints :) Basically openssh gained support to sign

[Bug 2472] Add support to load additional certificates

2019-01-22 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=2472 Damien Miller changed: What|Removed |Added Attachment #2934|0 |1 is obsolete|

[Bug 2472] Add support to load additional certificates

2018-02-21 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=2472 Jakub Jelen changed: What|Removed |Added CC||jje...@redhat.com ---

[Bug 2472] Add support to load additional certificates

2018-02-13 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=2472 --- Comment #14 from Thomas Jarosch --- Hi Damien, I've began working on this patch set again. It's ported to openssh 7.6p1 already. What I don't like about the implementation is that it creates an "empty" private

[Bug 2472] Add support to load additional certificates

2017-12-12 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=2472 --- Comment #13 from Thomas Jarosch --- Hi Peter, I can look into porting the patches to the newest openssh version. Right now I'm in an update release crunch period at work, so not much time for other things atm.

[Bug 2472] Add support to load additional certificates

2017-12-07 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=2472 --- Comment #12 from Peter --- Worked fine to add the patches to 7.4 but then I get this: [tl2:~/openssh-7.4p1] petera$ ./ssh-agent -P /usr/lib64/opensc-pkcs11.so -d setenv SSH_AUTH_SOCK /tmp/ssh-hW8Tsd3WfC0h/agent.22437; echo

[Bug 2472] Add support to load additional certificates

2017-12-07 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=2472 --- Comment #11 from Peter --- Hi Thomas, Thank you for your work, this seems to be exactly what Im looking for. I have my keys on a PCKS#11 provider and need to use the agent to forward my certificates. I tried to add these

[Bug 2472] Add support to load additional certificates

2017-12-07 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=2472 Peter changed: What|Removed |Added CC||pe...@pean.org -- You are

[Bug 2472] Add support to load additional certificates

2017-01-30 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=2472 Thomas Jarosch changed: What|Removed |Added Attachment #2933|0 |1

[Bug 2472] Add support to load additional certificates

2017-01-30 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=2472 --- Comment #8 from Thomas Jarosch --- I'll post an updated patchset again current git f25ee13b3e81fd80efeb871dc150fe49d7fc8afd. (this is openssh 7.4p1+) The code is also available here (for easier review access):

[Bug 2472] Add support to load additional certificates

2017-01-30 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=2472 --- Comment #7 from Thomas Jarosch --- Hi Damien, cooking this patchset a little further: (In reply to Damien Miller from comment #5) > Looking at the patch, I like the idea but I don't think we need to > modify

[Bug 2472] Add support to load additional certificates

2015-11-13 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=2472 --- Comment #6 from Thomas Jarosch --- I'm not sure if the "implicit send certificates" approach might be very cumbersome when using PKCS#11 tokens. How would one specify the filename for the public certs when using

[Bug 2472] Add support to load additional certificates

2015-11-12 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=2472 --- Comment #5 from Damien Miller --- Looking at the patch, I like the idea but I don't think we need to modify ssh-agent to accommodate it. Couldn't ssh-add just graft the extra certificates to the private key and send them?

[Bug 2472] Add support to load additional certificates

2015-10-23 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=2472 --- Comment #4 from Thomas Jarosch --- The new code goes in the right direction. I don't think it covers the use case when you ssh into one machine and then want to use agent forwarding to ssh into the next machine?

[Bug 2472] Add support to load additional certificates

2015-10-22 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=2472 Damien Miller changed: What|Removed |Added CC||d...@mindrot.org

[Bug 2472] Add support to load additional certificates

2015-09-25 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=2472 --- Comment #1 from Thomas Jarosch --- Created attachment 2716 --> https://bugzilla.mindrot.org/attachment.cgi?id=2716=edit Patch part 2/3 -- You are receiving this mail because: You are watching the assignee of

[Bug 2472] Add support to load additional certificates

2015-09-25 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=2472 --- Comment #2 from Thomas Jarosch --- Created attachment 2717 --> https://bugzilla.mindrot.org/attachment.cgi?id=2717=edit Patch part 3/3 -- You are receiving this mail because: You are watching the assignee of