Bug 2808

Summary: Unable to add certificates to agent when using PKCS#11 backed keys.
Product: Portable OpenSSH Reporter: Peter <peter>
Component: ssh-agentAssignee: Assigned to nobody <unassigned-bugs>
Status: ASSIGNED ---    
Severity: enhancement CC: djm
Priority: P5 Keywords: pkcs11
Version: 7.4p1   
Hardware: amd64   
OS: Linux   

Description Peter 2017-12-07 19:37:47 AEDT 
I use a combination of Yubikeys and OpenSSH certificates to authenticate in my environment. But when I want to use my ssh-agent to bring my keys and certificates with me I have some problems. I cant find a way to actually add the certificate to the agent when my keys are stored on a PKCS#11 device.
Comment 1 Peter 2018-01-19 00:03:25 AEDT 
This seems to be handeled by this ticket:
https://bugzilla.mindrot.org/show_bug.cgi?id=2472
Comment 2 Damien Miller 2019-01-22 21:06:32 AEDT 
BTW You can use certificates in ssh already using keys stored in an agent or token. Certificates are grafted to external keys at authentication time if they are available.