Displaying 6 results from an estimated 6 matches for "privatekeycommand".
2024 Mar 10
3
PrivateKeyCommand config idea
...ass,
> or running into problems when trying to do agent-forwarding with
> gpg-backed keys on non-Linux OSes. Even on Linux, I think such a
> workflow can be a bit flaky at times.
>
> I wondered if there would be support for adding a new configuration
> option called something like PrivateKeyCommand, analogous to existing
> "*Command" configs like AuthorizedKeysCommand. In practice I imagine
> it looks like this:
>
> Host gerrit.example.com
> PrivateKeyCommand pass show ssh/gerrit_ed25519
>
> I suppose another possibility for the name could be IdentityComm...
2024 Mar 08
3
PrivateKeyCommand config idea
...o get the passphrase out of Pass, or running into problems when trying to do agent-forwarding with gpg-backed keys on non-Linux OSes. Even on Linux, I think such a workflow can be a bit flaky at times.
I wondered if there would be support for adding a new configuration option called something like PrivateKeyCommand, analogous to existing "*Command" configs like AuthorizedKeysCommand. In practice I imagine it looks like this:
Host gerrit.example.com
PrivateKeyCommand pass show ssh/gerrit_ed25519
I suppose another possibility for the name could be IdentityCommand, analogous to IdentityFile....
2024 Mar 11
1
PrivateKeyCommand config idea
Hey Damien,
> Would you be able to do this using the ssh-agent protocol? It's
> relatively easy to make custom agent implementations for special use
> cases, e.g. using https://pkg.go.dev/golang.org/x/crypto/ssh/agent#Agent
Hmm, okay, I just realized the protocol has a full specification at https://datatracker.ietf.org/doc/html/draft-miller-ssh-agent. Would it be possible to get that
2024 Mar 12
0
PrivateKeyCommand config idea
BTW not for your usecase with the decryption, but if people want to dynamically create/provision short lived
keys, they could use "match host * exec gen-key.sh %s" config to run a program before each connection.
However it can't stdout the key material, but what it could do is update a temporary Identity file or
push it short-lived with ssh-add to the running (standard) agent.
openssh at tr.id.au
2024 Mar 12
1
PrivateKeyCommand config idea
BTW not for your usecase with the decryption, but if people want to dynamically create/provision short lived
keys, they could use "match host * exec gen-key.sh %s" config to run a program before each connection.
However it can't stdout the key material, but what it could do is update a temporary Identity file or
push it short-lived with ssh-add to the running (standard) agent.
openssh at tr.id.au
2024 Mar 12
1
PrivateKeyCommand config idea
On Mon, Mar 11, 2024, at 6:05 PM, Bernd Eckenfels wrote:
> BTW not for your usecase with the decryption, but if people want to
> dynamically create/provision short lived
> keys, they could use "match host * exec gen-key.sh %s" config to run a
> program before each connection.
> However it can't stdout the key material, but what it could do is
> update a temporary Identity file