3212 – Ability to add ssh certificate to ssh agent to existing private key without rereading private key from filesystem

Bug 3212 - Ability to add ssh certificate to ssh agent to existing private key without rereading private key from filesystem

Summary: Ability to add ssh certificate to ssh agent to existing private key without r...

Status:	NEW

Alias:	None

Product:	Portable OpenSSH
Classification:	Unclassified
Component:	ssh-add (show other bugs)
Version:	8.2p1
Hardware:	amd64 Linux

Importance:	P5 enhancement
Assignee:	Assigned to nobody

URL:
Keywords:

Depends on:
Blocks:

Reported:	2020-09-10 01:30 AEST by George Shuklin
Modified:	2021-06-01 14:18 AEST (History)
CC List:	1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description George Shuklin 2020-09-10 01:30:03 AEST

Currently the single way to add a ssh certificate to the ssh agent is to re-add the private key with corresponding certificate file saved in the same directory (with -cert.pub suffix).

Some IT systems use short-lived dynamic ssh certificates. To automate allocations of certificates it would be really nice to have ability to add ssh certificate to an existing (in the ssh agent) private key, preferably from stdin.

If ssh private key is encrypted (which is advised configuration for private keys), adding a certificate together with a private key.
1) impossible to automate.
2) cause excessive typing of the password for users.

Proposition: add ability to add a certificate to the ssh agent without re-reading private key.

Proposed command line to ssh-add:

- C public_key cert_file     Add certificate to the agent based on public_key. '-' instead of cert_file indicating of use of stdin.