Bug 3462

Summary: Dynamically load resident keys from smartcard (to work with AddKeysToAgent)
Product: Portable OpenSSH
Reporter: Max Gautier <mg>
Component: ssh
Assignee: Assigned to nobody <unassigned-bugs>
Status: NEW
Severity: enhancement
Priority: P5
Version: 9.0p1
Hardware: Other
OS: Linux

Description Max Gautier 2022-07-14 00:24:32 AEST
This is a feature request to support dynamically loading so-called "resident keys" from a hardware token, and adding them to the ssh-agent.

When using an on disk key:

# ssh agent was started 
# AddKeysToAgent set to yes in ~/.ssh/config

ssh user@host
Enter passphrase:
Added key to agent
# Connection proceeds and the next connection does not ask for a passphrase

----
# When using a resident key (not requiring PIN, requiring a user presence check), the key handle is not present on disk.

# ssh agent was started 

ssh-add -K
Enter PIN:
Resident identity added: <key>

ssh user@host
# Connection proceeds and the next connection does not ask for a passphrase

Would it be possible to eliminate the need for ssh-add -K, and instead try to use resident keys from connected tokens and then add them to the agent? Is that something OpenSSH could/should support at all?

Thanks
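One way to approximate the requested behaviour with the tools that exist today, as an added example that is neither the reporter's nor OpenSSH's code: a POSIX shell wrapper that lists the running agent's identities and only runs ssh-add -K when no FIDO (-SK) key is loaded yet. It assumes ssh-add -l's "(ED25519-SK)" / "(ECDSA-SK)" key-type suffix and its exit status 2 for an unreachable agent; the sample listings are constructed, not real keys.

```shell
#!/bin/sh
# Added example (not from the bug report or OpenSSH): load resident keys from
# a connected token into ssh-agent only when the agent holds no FIDO key yet.

# has_sk_keys LISTING
# Returns 0 if the ssh-add -l output in LISTING contains a FIDO key
# (OpenSSH prints such keys with an "(ED25519-SK)" or "(ECDSA-SK)" suffix),
# 1 otherwise. Pure text check, so it can be exercised without an agent.
has_sk_keys() {
    printf '%s\n' "$1" | grep -Eq '\((ED25519|ECDSA)-SK\)$'
}

# load_resident_keys_if_missing
# Queries the running agent; if no FIDO key is loaded, asks ssh-add to
# enumerate the resident keys on connected tokens (-K), which prompts for
# the token PIN exactly as in the manual ssh-add -K step above.
load_resident_keys_if_missing() {
    listing=$(ssh-add -l 2>/dev/null)
    status=$?
    # ssh-add -l exits 2 when it cannot reach an agent (assumed convention).
    if [ "$status" -eq 2 ]; then
        echo "no ssh-agent reachable (is SSH_AUTH_SOCK set?)" >&2
        return 2
    fi
    if has_sk_keys "$listing"; then
        return 0            # a FIDO key is already in the agent, nothing to do
    fi
    ssh-add -K
}

# Constructed sample listings in ssh-add -l format (fingerprints are fake).
SAMPLE_WITH_SK='256 SHA256:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA user@host (ED25519-SK)'
SAMPLE_WITHOUT_SK='256 SHA256:BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB user@host (ED25519)'

# Only touch the real agent when invoked as "script.sh run" (e.g. from a
# shell rc file); sourcing the file just defines the functions.
[ "${1-}" = "run" ] && load_resident_keys_if_missing
```

Run it as `sh script.sh run` after ssh-agent is started; the PIN prompt still appears on the first load, but later logins then reuse the agent-held key just as the AddKeysToAgent flow does for on-disk keys.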