Comments (6)
Can confirm that GPT is wrong about this, and also I found this, which suggests it could be either this program or my own misconfiguration:
https://stackoverflow.com/questions/47679715/why-ssh-agent-doesnt-forward-my-ssh-certificate
from ssh-tpm-agent.
Is the issue here that `ssh-tpm-agent` doesn't support the SSH Certificate keys or that forwarding with `ssh-tpm-agent` as a ssh-agent proxy isn't working correctly?
from ssh-tpm-agent.
I am not sure how I would tell. The certificate key private component is just a plain private key. The only thing different about a certificate as opposed to a regular pub key in ssh is that it has been signed by a CA instead of its own private component. The way I can tell that the certificate is not forwarding is that when I ssh with a forwarded agent, and then check the agent with `ssh-add -l`, only the public key itself is forwarded (certs have an ALGO-CERT tag and all I get is ALGO, indicating the raw pubkey).
I confirm my suspicions by logging onto different machines from the jump. Machines which trust the CA fail, machines which directly trust the pubkey succeed.
from ssh-tpm-agent.
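The check described in the comment above, as an added example that is not part of the thread or of ssh-tpm-agent's code: it reads `ssh-add -L` output (full public keys, rather than the `ssh-add -l` fingerprints used above) from the local and the forwarded agent and reports certificate key types that did not survive forwarding. The sample lines are constructed placeholders, and the function names are hypothetical.

```python
import base64
import struct

CERT_SUFFIX = "-cert-v01@openssh.com"  # OpenSSH certificate key-type suffix

def wire_string(data: bytes) -> bytes:
    """SSH wire string: uint32 big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data

def blob_type(blob: bytes) -> str:
    """Return the key-type name stored at the start of a public key blob."""
    if len(blob) < 4:
        raise ValueError("blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if n == 0 or 4 + n > len(blob):
        raise ValueError("bad length prefix")
    return blob[4:4 + n].decode("ascii")

def classify(listing: str) -> list:
    """Turn `ssh-add -L` output into (kind, key_type, comment) tuples."""
    found = []
    for line in listing.splitlines():
        parts = line.split(None, 2)
        if len(parts) < 2:
            continue
        try:
            inner = blob_type(base64.b64decode(parts[1], validate=True))
        except ValueError:  # not base64 or not a key blob, e.g. a status message
            continue
        if inner != parts[0]:
            continue  # label and blob disagree; do not trust the line
        kind = "cert" if inner.endswith(CERT_SUFFIX) else "plain"
        found.append((kind, inner, parts[2] if len(parts) > 2 else ""))
    return found

def lost_certs(local: str, forwarded: str) -> list:
    """Certificate key types the local agent lists but the forwarded one lacks."""
    seen = {t for k, t, _ in classify(forwarded) if k == "cert"}
    return [t for k, t, _ in classify(local) if k == "cert" and t not in seen]

def sample_line(key_type: str, comment: str) -> str:
    """Constructed placeholder identity line (32 zero bytes, not a real key)."""
    blob = wire_string(key_type.encode()) + wire_string(bytes(32))
    return f"{key_type} {base64.b64encode(blob).decode()} {comment}"

# Constructed listings: the local agent holds key and certificate, the forwarded one only the key.
LOCAL = "\n".join(sample_line(t, "user@laptop") for t in
                  ("ssh-ed25519", "ssh-ed25519" + CERT_SUFFIX))
FORWARDED = sample_line("ssh-ed25519", "user@laptop")
```

To use it on real output, pass the text of `ssh-add -L` captured on the client and on the jump host to `lost_certs`; a non-empty result matches the symptom reported in this thread.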
Is there any info or resources I can provide to advance this issue? I'd like very much to be able to use this instead of pkcs11 for user certificates but I haven't been able to crack it.
from ssh-tpm-agent.
I need time to actually read up and understand the certificate implementation to figure out what the current code is missing. Atm it's very fuzzy for what needs to be done.
Currently busy hacking on some other code I have, so not sure when I'll get to this. But it's high on my list.
from ssh-tpm-agent.