Comments (6)

sevenrats commented on May 29, 2024

Can confirm that GPT is wrong about this, and also I found this, which suggests it could be either this program or my own misconfiguration:
https://stackoverflow.com/questions/47679715/why-ssh-agent-doesnt-forward-my-ssh-certificate

from ssh-tpm-agent.

sevenrats commented on May 29, 2024

https://github.com/openssh/openssh-portable/blob/22376d27a349f62c502fec3396dfe0fdcb2a40b7/ssh-add.c#L290

Foxboron commented on May 29, 2024

Is the issue here that ssh-tpm-agent doesn't support the SSH Certificate keys or that forwarding with ssh-tpm-agent as an ssh-agent proxy isn't working correctly?

sevenrats commented on May 29, 2024

I am not sure how I would tell. The certificate key private component is just a plain private key. The only thing different about a certificate as opposed to a regular pub key in ssh is that it has been signed by a CA instead of its own private component. The way I can tell that the certificate is not forwarding is that when I ssh with a forwarded agent, and then check the agent with ssh-add -l, only the public key itself is forwarded (certs have an ALGO-CERT tag and all I get is ALGO, indicating the raw pubkey).
I confirm my suspicions by logging onto different machines from the jump. Machines which trust the CA fail, machines which directly trust the pubkey succeed.
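
The check described in the comment above (listing the forwarded agent's identities and looking for the certificate tag) can also be made against the agent protocol directly. This is an added example, not part of the original thread or of ssh-tpm-agent's code: it parses an agent identities answer and marks which entries are certificates. The sample message is constructed with dummy key bytes, and `query_agent` assumes a Unix-socket agent at `SSH_AUTH_SOCK`.

```python
import os, socket, struct

SSH_AGENTC_REQUEST_IDENTITIES = 11   # agent protocol message numbers
SSH_AGENT_IDENTITIES_ANSWER = 12
CERT_SUFFIX = "-cert-v01@openssh.com"  # key type suffix of OpenSSH certificates

def _string(buf, off):
    """Read one SSH 'string' (uint32 length + bytes); return (value, next offset)."""
    (n,) = struct.unpack_from(">I", buf, off)
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("truncated agent message")
    return buf[off + 4:end], end

def parse_identities(payload):
    """Return [(key_type, is_cert, comment)] from an identities answer payload."""
    if not payload or payload[0] != SSH_AGENT_IDENTITIES_ANSWER:
        raise ValueError("not an identities answer")
    (count,) = struct.unpack_from(">I", payload, 1)
    off, out = 5, []
    for _ in range(count):
        blob, off = _string(payload, off)      # public key or certificate blob
        comment, off = _string(payload, off)
        ktype = _string(blob, 0)[0].decode("ascii")  # blob starts with its type
        out.append((ktype, ktype.endswith(CERT_SUFFIX),
                    comment.decode("utf-8", "replace")))
    return out

def query_agent(path=None):
    """Ask the agent at SSH_AUTH_SOCK (or path) for its identities."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.connect(path or os.environ["SSH_AUTH_SOCK"])
        s.sendall(struct.pack(">IB", 1, SSH_AGENTC_REQUEST_IDENTITIES))
        with s.makefile("rb") as f:
            (n,) = struct.unpack(">I", f.read(4))
            return parse_identities(f.read(n))

def _ss(b):
    """Encode bytes as an SSH 'string'."""
    return struct.pack(">I", len(b)) + b

# Constructed sample: one plain key and one certificate entry (dummy key bytes).
PLAIN = _ss(b"ssh-ed25519") + _ss(bytes(32))
CERT = _ss(b"ssh-ed25519-cert-v01@openssh.com") + _ss(bytes(32))
SAMPLE = (bytes([SSH_AGENT_IDENTITIES_ANSWER]) + struct.pack(">I", 2)
          + _ss(PLAIN) + _ss(b"user@host") + _ss(CERT) + _ss(b"user@host"))

if __name__ == "__main__":
    for ktype, is_cert, comment in parse_identities(SAMPLE):
        print("CERT " if is_cert else "plain", ktype, comment)
```

Running `query_agent()` on the origin machine and again on the jump host shows whether the certificate entry is missing only on the forwarded side.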

sevenrats commented on May 29, 2024

Is there any info or resources I can provide to advance this issue? I'd like very much to be able to use this instead of pkcs11 for user certificates but I haven't been able to crack it.

Foxboron commented on May 29, 2024

I need time to actually read up and understand the certificate implementation to figure out what the current code is missing. Atm it's very fuzzy what needs to be done.

Currently busy hacking on some other code I have so not sure when I'll get to this. But it's high on my list.
