Page MenuHome GnuPG

gpg-agent doesn't pick up ssh certificates
Closed, DuplicatePublic


Although this isn't needed locally since ssh automatically picks up
id_*, the forwarded agent (ssh -A) does not know about the
certificates and won't forward them to the remote host.

This is currently blocking me sshing via bastion boxes.



Event Timeline

There is request to add support for ssh-certs to gpg-agent: T1756. Right now gpg-agent can only extract the public key from the certificiates and nothing more. The gpg-agent speaks the ssh-agent protocol and as such does not know anything about files uses by ssh to store certificates.