openssh bugs - Sep 2020 - [Bug 3212] New: Ability to add ssh certiicate to ssh agent to existing private key without rereading private key from filesystem

https://bugzilla.mindrot.org/show_bug.cgi?id=3212

            Bug ID: 3212
           Summary: Ability to add ssh certiicate to ssh agent to existing
                    private key without rereading private key from
                    filesystem
           Product: Portable OpenSSH
           Version: 8.2p1
          Hardware: amd64
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: ssh-add
          Assignee: unassigned-bugs at mindrot.org
          Reporter: george.shuklin at gmail.com

Currently the single way to add a ssh certificate to the ssh agent is
to re-add the private key with corresponding certificate file saved in
the same directory (with -cert.pub suffix).

Some IT systems use short-lived dynamic ssh certificates. To automate
allocations of certificates it would be really nice to have ability to
add ssh certificate to an existing (in the ssh agent) private key,
preferably from stdin.

If ssh private key is encrypted (which is advised configuration for
private keys), adding a certificate together with a private key.
1) impossible to automate.
2) cause excessive typing of the password for users.

Proposition: add ability to add a certificate to the ssh agent without
re-reading private key.

Proposed command line to ssh-add:

- C public_key cert_file     Add certificate to the agent based on
public_key. '-' instead of cert_file indicating of use of stdin.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3212

George Shuklin <george.shuklin at gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|Ability to add ssh          |Ability to add ssh
                   |certiicate to ssh agent to  |certificate to ssh agent to
                   |existing private key        |existing private key
                   |without rereading private   |without rereading private
                   |key from filesystem         |key from filesystem

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3212

gl041188 at gmail.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |gl041188 at gmail.com

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3212

????????? <gotov27 at gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Hardware|amd64                       |All
                 OS|Linux                       |All

-- 
You are receiving this mail because:
You are watching the assignee of the bug.