If you want to implement this feature, comment to let us know (we'll work with you on design, scheduling, etc.)
Issue details
When using step CLI's SSH certificate functionality (namely proxycommand) with a non-vanilla SSH agent, like gpg-agent, step CLI fails to read the certificate from the agent, forcing the CLI to request a new certificate every authentication attempt.
Why is this needed?
Some users use gpg-agent instead of the default ssh-agent (usually for smartcard support.)
Potential workaround
I worked around this issue by taking the following approach:
Configure my shell to start a vanilla ssh-agent process on launch (or find the existing one) and,
Store the socket for that agent in an environment variable different from SSH_AUTH_SOCK (like SSH_AUTH_SOCK_VANILLA)
Configure my SSH config to use that environment variable during proxycommand invocation:
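The three workaround steps above, written out as an added example; this is not the issue author's own snippet or code from the step project. The function names, the socket path and the `Host` pattern are assumptions made for illustration, and the `IdentityAgent` line assumes `ssh` itself should also read the certificate from the vanilla agent.

```shell
# Added example: keep gpg-agent on SSH_AUTH_SOCK and run a separate vanilla
# ssh-agent, published as SSH_AUTH_SOCK_VANILLA, for step's certificates.
# Assumed path: a fixed socket in a directory only the user can access.
VANILLA_SOCK="${XDG_RUNTIME_DIR:-$HOME/.ssh}/vanilla-agent.sock"

# Succeeds only if an agent answers on socket $1. ssh-add -l exits 0 (keys
# listed) or 1 (agent has no keys) when it can reach an agent, 2 when not.
agent_alive() {
    [ -S "$1" ] || return 1
    rc=0
    SSH_AUTH_SOCK="$1" ssh-add -l >/dev/null 2>&1 || rc=$?
    [ "$rc" -eq 0 ] || [ "$rc" -eq 1 ]
}

# Steps 1 and 2: find the existing vanilla agent or start one, then export
# its socket under a name other than SSH_AUTH_SOCK.
ensure_vanilla_agent() {
    if ! agent_alive "$VANILLA_SOCK"; then
        rm -f "$VANILLA_SOCK"    # stale socket left behind by a dead agent
        ssh-agent -a "$VANILLA_SOCK" >/dev/null || return 1
    fi
    SSH_AUTH_SOCK_VANILLA="$VANILLA_SOCK"
    export SSH_AUTH_SOCK_VANILLA
}

# Step 3: print an ssh_config fragment for hosts that use step certificates.
# ProxyCommand runs through the user's shell, so the variable expands there;
# IdentityAgent accepts a "$NAME" environment reference directly.
# "*.internal.example" is a constructed placeholder pattern.
ssh_config_fragment() {
    cat <<'EOF'
Host *.internal.example
    IdentityAgent $SSH_AUTH_SOCK_VANILLA
    ProxyCommand env SSH_AUTH_SOCK="$SSH_AUTH_SOCK_VANILLA" step ssh proxycommand %r %h %p
EOF
}
```

Source the file from the shell profile and call `ensure_vanilla_agent` there; append the output of `ssh_config_fragment` to `~/.ssh/config` after adjusting the host pattern.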
Hi @weaversam8, AFAIK gpg-agent does not support SSH certificates. There might be some workarounds, but I'm not sure if they work. See https://dev.gnupg.org/T1756