2808 – Unable to add certificates to agent when using PKCS#11 backed keys.

Bug 2808 - Unable to add certificates to agent when using PKCS#11 backed keys.

Summary: Unable to add certificates to agent when using PKCS#11 backed keys.

Status:	ASSIGNED

Alias:	None

Product:	Portable OpenSSH
Classification:	Unclassified
Component:	ssh-agent (show other bugs)
Version:	7.4p1
Hardware:	amd64 Linux

Importance:	P5 enhancement
Assignee:	Assigned to nobody

URL:
Keywords:	pkcs11

Depends on:
Blocks:

Reported:	2017-12-07 19:37 AEDT by Peter
Modified:	2019-01-22 21:06 AEDT (History)
CC List:	1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Peter 2017-12-07 19:37:47 AEDT

I use a combination of Yubikeys and OpenSSH certificates to authenticate in my environment. But when I want to use my ssh-agent to bring my keys and certificates with me I have some problems. I cant find a way to actually add the certificate to the agent when my keys are stored on a PKCS#11 device.

Comment 1 Peter 2018-01-19 00:03:25 AEDT

This seems to be handeled by this ticket:
https://bugzilla.mindrot.org/show_bug.cgi?id=2472

Comment 2 Damien Miller 2019-01-22 21:06:32 AEDT

BTW You can use certificates in ssh already using keys stored in an agent or token. Certificates are grafted to external keys at authentication time if they are available.