Loading OpenSSH certificate into ssh-agent without the private key
Multi tool use
Clash Royale CLAN TAG#URR8PPP
up vote
1
down vote
favorite
I'm storing my ssh keys on a yubikey and hence I don't have any private key file on disk. This gives me a problem when I'm also using OpenSSH Certificates to authenticate. If I would like to bring the certificate with me using the ssh-agent I need to add it to the agent some how.
This is done automatically if I have a private key called priv and a cert called priv-cert.pub. But since I don't have a file I cant find a way to add the certificate file to the agent.
Does anyone have a clue how to do this?
It seems there is no support for this, I found this feature request: https://bugzilla.mindrot.org/show_bug.cgi?id=2472
ssh openssh ssh-agent
asked Dec 7 '17 at 8:34
Peter
1064
add a comment |Â
up vote
1
down vote
favorite
I'm storing my ssh keys on a yubikey and hence I don't have any private key file on disk. This gives me a problem when I'm also using OpenSSH Certificates to authenticate. If I would like to bring the certificate with me using the ssh-agent I need to add it to the agent some how.
This is done automatically if I have a private key called priv and a cert called priv-cert.pub. But since I don't have a file I cant find a way to add the certificate file to the agent.
Does anyone have a clue how to do this?
It seems there is no support for this, I found this feature request: https://bugzilla.mindrot.org/show_bug.cgi?id=2472
ssh openssh ssh-agent
asked Dec 7 '17 at 8:34
Peter
1064
add a comment |Â
up vote
1
down vote
favorite
up vote
1
down vote
favorite
I'm storing my ssh keys on a yubikey and hence I don't have any private key file on disk. This gives me a problem when I'm also using OpenSSH Certificates to authenticate. If I would like to bring the certificate with me using the ssh-agent I need to add it to the agent some how.
This is done automatically if I have a private key called priv and a cert called priv-cert.pub. But since I don't have a file I cant find a way to add the certificate file to the agent.
Does anyone have a clue how to do this?
It seems there is no support for this, I found this feature request: https://bugzilla.mindrot.org/show_bug.cgi?id=2472
ssh openssh ssh-agent
asked Dec 7 '17 at 8:34
Peter
1064
I'm storing my ssh keys on a yubikey and hence I don't have any private key file on disk. This gives me a problem when I'm also using OpenSSH Certificates to authenticate. If I would like to bring the certificate with me using the ssh-agent I need to add it to the agent some how.
This is done automatically if I have a private key called priv and a cert called priv-cert.pub. But since I don't have a file I cant find a way to add the certificate file to the agent.
Does anyone have a clue how to do this?
It seems there is no support for this, I found this feature request: https://bugzilla.mindrot.org/show_bug.cgi?id=2472
ssh openssh ssh-agent
asked Dec 7 '17 at 8:34
Peter
1064
edited Dec 7 '17 at 17:13
asked Dec 7 '17 at 8:34
Peter
1064
asked Dec 7 '17 at 8:34
Peter
1064
asked Dec 7 '17 at 8:34
Peter
1064
1064
add a comment |Â
add a comment |Â
1 Answer
1
active
oldest
votes
up vote
0
down vote
Yubikey documentation mentions that you can add certificates to the ssh-agent here https://developers.yubico.com/PIV/Guides/SSH_user_certificates.html
edited Jun 5 at 14:54
Kusalananda
104k14206324
answered Jun 5 at 14:13
Evgeny
1,962176
No it does not. You can add pkcs11 providers but you cannot add certificate files without a corresponding key file on disk. There is a ticket in OpenSSH Bugzilla about it. bugzilla.mindrot.org/show_bug.cgi?id=2472
– Peter
Jun 5 at 14:26
add a comment |Â
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
0
down vote
Yubikey documentation mentions that you can add certificates to the ssh-agent here https://developers.yubico.com/PIV/Guides/SSH_user_certificates.html
edited Jun 5 at 14:54
Kusalananda
104k14206324
answered Jun 5 at 14:13
Evgeny
1,962176
No it does not. You can add pkcs11 providers but you cannot add certificate files without a corresponding key file on disk. There is a ticket in OpenSSH Bugzilla about it. bugzilla.mindrot.org/show_bug.cgi?id=2472
– Peter
Jun 5 at 14:26
add a comment |Â
up vote
0
down vote
Yubikey documentation mentions that you can add certificates to the ssh-agent here https://developers.yubico.com/PIV/Guides/SSH_user_certificates.html
edited Jun 5 at 14:54
Kusalananda
104k14206324
answered Jun 5 at 14:13
Evgeny
1,962176
No it does not. You can add pkcs11 providers but you cannot add certificate files without a corresponding key file on disk. There is a ticket in OpenSSH Bugzilla about it. bugzilla.mindrot.org/show_bug.cgi?id=2472
– Peter
Jun 5 at 14:26
add a comment |Â
up vote
0
down vote
up vote
0
down vote
Yubikey documentation mentions that you can add certificates to the ssh-agent here https://developers.yubico.com/PIV/Guides/SSH_user_certificates.html
edited Jun 5 at 14:54
Kusalananda
104k14206324
answered Jun 5 at 14:13
Evgeny
1,962176
Yubikey documentation mentions that you can add certificates to the ssh-agent here https://developers.yubico.com/PIV/Guides/SSH_user_certificates.html
edited Jun 5 at 14:54
Kusalananda
104k14206324
answered Jun 5 at 14:13
Evgeny
1,962176
edited Jun 5 at 14:54
Kusalananda
104k14206324
edited Jun 5 at 14:54
Kusalananda
104k14206324
edited Jun 5 at 14:54
Kusalananda
104k14206324
104k14206324
answered Jun 5 at 14:13
Evgeny
1,962176
answered Jun 5 at 14:13
Evgeny
1,962176
answered Jun 5 at 14:13
Evgeny
1,962176
1,962176
No it does not. You can add pkcs11 providers but you cannot add certificate files without a corresponding key file on disk. There is a ticket in OpenSSH Bugzilla about it. bugzilla.mindrot.org/show_bug.cgi?id=2472
– Peter
Jun 5 at 14:26
add a comment |Â
No it does not. You can add pkcs11 providers but you cannot add certificate files without a corresponding key file on disk. There is a ticket in OpenSSH Bugzilla about it. bugzilla.mindrot.org/show_bug.cgi?id=2472
– Peter
Jun 5 at 14:26
No it does not. You can add pkcs11 providers but you cannot add certificate files without a corresponding key file on disk. There is a ticket in OpenSSH Bugzilla about it. bugzilla.mindrot.org/show_bug.cgi?id=2472
– Peter
Jun 5 at 14:26
No it does not. You can add pkcs11 providers but you cannot add certificate files without a corresponding key file on disk. There is a ticket in OpenSSH Bugzilla about it. bugzilla.mindrot.org/show_bug.cgi?id=2472
– Peter
Jun 5 at 14:26
add a comment |Â
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f409423%2floading-openssh-certificate-into-ssh-agent-without-the-private-key%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password