Bug 3462 - Dynamically load resident keys from smartcard (to work with AddKeysToAgent)
Summary: Dynamically load resident keys from smartcard (to work with AddKeysToAgent)
Status: NEW
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: ssh (show other bugs)
Version: 9.0p1
Hardware: Other Linux
Importance: P5 enhancement
Assignee: Assigned to nobody
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2022-07-14 00:24 AEST by Max Gautier
Modified: 2022-07-14 00:24 AEST (History)
Description Max Gautier 2022-07-14 00:24:32 AEST
This is a feature request to support dynamically loading so-called "resident keys" from a hardware token and adding them to the ssh-agent.

When using an on disk key:

# ssh agent was started 
# AddKeysToAgent set to yes in ~/.ssh/config

ssh user@host
Enter passphrase:
Added key to agent
# Connection proceeds and the next connection does not ask for passphrase

----
# When using a resident key (not requiring PIN, requiring user presence check), the key handle is not present on disk.

# ssh agent was started 

ssh-add -K
Enter PIN:
Resident identity added: <key>

ssh user@host
# Connection proceeds and the next connection does not ask for passphrase

Would it be possible to eliminate the need for the ssh-add -K, try to use resident keys from connected tokens, and then add them to the agent? Is that something openssh could/should support at all?

Thanks
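The workflow in the report (load resident keys with `ssh-add -K`, then connect) can be approximated in user space until the agent does it itself. The following is an added example and is not code from the bug report or from OpenSSH: a POSIX sh wrapper that inspects the agent's identity list and runs `ssh-add -K` only when no FIDO security-key ("-SK") identity is loaded yet, so the PIN and touch prompts appear at most once per agent lifetime. It assumes a running ssh-agent reachable through `SSH_AUTH_SOCK`, OpenSSH 8.2 or later (where `ssh-add -K` exists), and the `ssh-add -l` line format `<bits> <fingerprint> <comment> (<TYPE>)`, where FIDO keys show as `(ED25519-SK)` or `(ECDSA-SK)`. The `SSH_ADD` variable and the function names are this example's own choices.

```shell
#!/bin/sh
# Added example, not part of the bug report or of OpenSSH.
# Load FIDO resident keys into the running agent only if none is loaded yet.

SSH_ADD="${SSH_ADD:-ssh-add}"   # overridable so the logic can be tested without a token

# agent_listing_has_sk_key: reads `ssh-add -l` output on stdin and returns 0 if
# any loaded identity is a FIDO security-key type, 1 otherwise.
# Assumes the listing line ends with "(ED25519-SK)" or "(ECDSA-SK)" for such keys.
agent_listing_has_sk_key() {
    grep -q -E '\((ED25519|ECDSA)-SK\)$'
}

# ensure_resident_keys_loaded: returns 0 if an SK identity is already in the agent
# (no PIN prompt), otherwise runs `ssh-add -K` and returns its exit status.
# `ssh-add -l` exits 1 when the agent is empty and 2 when no agent is reachable.
ensure_resident_keys_loaded() {
    status=0
    listing=$("$SSH_ADD" -l 2>/dev/null) || status=$?
    if [ "$status" -eq 2 ]; then
        echo "no ssh-agent reachable (is SSH_AUTH_SOCK set?)" >&2
        return 2
    fi
    if printf '%s\n' "$listing" | agent_listing_has_sk_key; then
        return 0    # resident key already loaded: skip the PIN/touch prompts
    fi
    "$SSH_ADD" -K   # prompts for PIN and user presence, adds every resident key
}

# ssh_with_resident_keys: drop-in for `ssh`, e.g. ssh_with_resident_keys user@host
ssh_with_resident_keys() {
    ensure_resident_keys_loaded && ssh "$@"
}
```

Sourcing this file and calling `ssh_with_resident_keys user@host` gives the single-prompt behaviour the report asks for; because the check is on the agent's identity list rather than on a file, it also works for keys whose handle never exists on disk.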