Displaying 6 results from an estimated 6 matches for "key_only".
2015 Jul 26
2
[PATCH] ssh-agent: Add support to load additional certificates
...0)
+ fprintf(stderr, "Lifetime set to %d seconds\n", lifetime);
+ if (confirm != 0)
+ fprintf(stderr, "The user must confirm each use of the key\n");
+ out:
+ free(comment);
+ sshkey_free(cert);
+
+ return ret;
+}
+
+static int
add_file(int agent_fd, const char *filename, int key_only)
{
struct sshkey *private, *cert;
@@ -445,13 +488,16 @@ lock_agent(int agent_fd, int lock)
}
static int
-do_file(int agent_fd, int deleting, int key_only, char *file)
+do_file(int agent_fd, int deleting, int key_only, int cert_only, char *file)
{
if (deleting) {
if (delete_file(agent_f...
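Review bot: in the new do_file() signature, key_only and cert_only are two adjacent int flags, which are easy to transpose at a call site and, as far as these lines show, can both be non-zero at once. Consider rejecting that combination where the options are parsed, or replacing the pair with a single mode value so the function cannot be called in a contradictory state.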
2020 Oct 06
2
Accessing SSH key path using SSH_ASKPASS and passwordstore
Hello,
With the introduction of SSH_ASKPASS_REQUIRE in version 8.4, I've set
up a script for SSH_ASKPASS to query my local passwordstore
(https://www.passwordstore.org/) vault to retrieve the password for a
given key. This works for ssh-add as well as ssh (configured with
AddKeysToAgent set to 'yes'). My workflow effectively transforms into
entering the password for the GPG key used
2017 Oct 26
3
[RFC 0/2] add engine based keys
Engine keys are private key files which are only understood by openssl
external engines. The problem is they can't be loaded with the usual
openssl methods, they have to be loaded via ENGINE_load_private_key().
Because they're files, they fit well into openssh pub/private file
structure, so they're not very appropriately handled by the pkcs11
interface because it assumes the private
2020 Jun 09
3
[PATCH v2 0/2] Add openssl engine keys with provider upgrade path
I've architected this in a way that looks future proof at least to the
openssl provider transition. What will happen in openssl 3.0.0 is
that providers become active and will accept keys via URI. The
current file mechanisms will still be available but internally it will
become a file URI. To support the provider interface, openssl will
have to accept keys by URI instead of file and may
2016 Dec 28
2
certificates keys on pkcs11 devices
Hi,
I have not found any way to use a Certificate with ssh-agent when my Key is
stored on a pkcs11 device. I can add my key with
ssh-add -s /usr/local/lib/opensc-pkcs11.so
but
ssh-add -s /usr/local/lib/opensc-pkcs11.so ~/.ssh/mykey-cert.pub
does not add the certificate to my agent. As far as I understand, in
ssh-add.c line 580
if (pkcs11provider != NULL) {
if (update_card(agent_fd,
2020 Jan 30
6
[PATCH 1/2] Add support for openssl engine based keys
...(ret != SSH_AGENT_SUCCESS) {
+ fprintf(stderr, "failed to add engine key: %s\n", ssh_err(ret));
+ } else {
+ fprintf(stderr, "Engine Identity added: %s\n", file);
+ }
+ if (pin)
+ free (pin);
+ return ret;
+}
+
static int
delete_file(int agent_fd, const char *filename, int key_only, int qflag)
{
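Review bot: in the cleanup at the end of the added function, `if (pin) free (pin);` releases the PIN without clearing it, so the secret stays readable in freed heap memory. free(NULL) is already a no-op, so the guard is only needed to protect a strlen() call; use freezero(pin, strlen(pin)) under that guard, or explicit_bzero() followed by free(), and drop the space in `free (pin)` to match the other calls in the hunk.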
@@ -609,6 +632,9 @@ usage(void)
#ifdef WITH_XMSS
" [-M maxsign] [-m minleft]\n"
#endif
+#ifdef USE_OPENSSL_ENGINE
+" [-o engine]\n"
+#endif
" [file ...]\n"
" ssh-add -s pkcs11\n"
"...