Bug 3212 - Ability to add ssh certificate to ssh agent to existing private key without rereading private key from filesystem
Status: NEW
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: ssh-add
Version: 8.2p1
Hardware: amd64 Linux
Importance: P5 enhancement
Assignee: Assigned to nobody
 
Reported: 2020-09-10 01:30 AEST by George Shuklin
Modified: 2021-06-01 14:18 AEST (History)
Description George Shuklin 2020-09-10 01:30:03 AEST
Currently the only way to add an ssh certificate to the ssh agent is to re-add the private key with the corresponding certificate file saved in the same directory (with the -cert.pub suffix).

Some IT systems use short-lived dynamic ssh certificates. To automate allocation of certificates it would be really nice to have the ability to add an ssh certificate to a private key that is already in the ssh agent, preferably from stdin.

If the ssh private key is encrypted (which is the advised configuration for private keys), adding a certificate together with the private key:
1) is impossible to automate;
2) causes excessive typing of the password for users.

Proposal: add the ability to add a certificate to the ssh agent without re-reading the private key.

Proposed command line to ssh-add:

-C public_key cert_file     Add a certificate to the agent based on public_key. '-' instead of cert_file indicates use of stdin.
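The script below is an added example, not part of the bug report or of OpenSSH, reproducing the current behaviour the reporter describes: the only way to get a certificate into ssh-agent is to run ssh-add on the private key while a file named <key>-cert.pub sits beside it, so every renewal of a short-lived certificate re-reads the private key from disk. The file names (ca, id), the principal "deploy", the certificate IDs and the five-minute validity are chosen for the demo; the key is generated without a passphrase so the script runs unattended, which is exactly what an encrypted key would not allow. It starts a private ssh-agent and tears it down afterwards, and skips cleanly if the OpenSSH tools are not installed.

```sh
#!/bin/sh
# Added example (not from the bug report): show how ssh-add loads a
# certificate today, and why renewing it means re-reading the private key.

load_cert_via_private_key() (
    set -e
    for tool in ssh-keygen ssh-agent ssh-add; do
        if ! command -v "$tool" >/dev/null 2>&1; then
            echo "skipping: $tool not installed" >&2
            exit 0
        fi
    done

    dir=$(mktemp -d)
    # Demo CA and user key. No passphrase on purpose: with one, every
    # ssh-add below would prompt, which is the automation problem raised.
    ssh-keygen -q -t ed25519 -N '' -C 'demo CA'  -f "$dir/ca"
    ssh-keygen -q -t ed25519 -N '' -C 'demo key' -f "$dir/id"

    # Short-lived user certificate (valid 5 minutes). ssh-keygen writes it
    # to $dir/id-cert.pub, the fixed name ssh-add looks for beside the key.
    ssh-keygen -q -s "$dir/ca" -I 'deploy-serial-1' -n deploy -V +5m "$dir/id.pub"

    # Private agent for the demo so the user's real agent is untouched;
    # the EXIT trap of this subshell kills it and removes the temp dir.
    eval "$(ssh-agent -s)" >/dev/null
    trap 'ssh-agent -k >/dev/null 2>&1; rm -rf "$dir"' EXIT

    # Load: ssh-add reads $dir/id (the PRIVATE key) and $dir/id-cert.pub.
    ssh-add "$dir/id" 2>/dev/null

    # The agent now lists two identities for one key: the bare public key
    # and the certificate. Exactly one certificate identity is expected.
    ncert=$(ssh-add -L | grep -c -- '-cert-v01@openssh.com')
    [ "$ncert" -eq 1 ]

    # Renewal as it works today: re-sign, then run ssh-add on the private
    # key again. The key is read from disk a second time; there is no way
    # to hand the agent only the new certificate.
    ssh-keygen -q -s "$dir/ca" -I 'deploy-serial-2' -n deploy -V +5m "$dir/id.pub"
    ssh-add "$dir/id" 2>/dev/null
    ssh-keygen -L -f "$dir/id-cert.pub" | grep -q 'deploy-serial-2'
    echo "certificate loaded; ssh-add -L shows $ncert certificate identity"
)

load_cert_via_private_key
```

Run it as an ordinary user; it needs no network and leaves no agent or files behind. The second ssh-add call is the step the proposed -C option would replace: with it, the renewal loop would only need the public key and the fresh certificate, and the encrypted private key could stay untouched on disk once loaded.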