PuTTY wish ssh2-openssh-certkey-fallback-pageant

This is a mirror. Follow this link to find the primary PuTTY web site.

Home | FAQ | Feedback | Licence | Updates | Mirrors | Keys | Links | Team
Download: Stable · Snapshot | Docs | Changes | Wishlist

summary: Pageant could automatically add the uncertified version when loading a certified SSH key
class: wish: This is a request for an enhancement.
difficulty: fun: Just needs tuits, and not many of them.
priority: low: We aren't sure whether to fix this or not.

If you load a public key with an OpenSSH certificate in Pageant, it's possible (in fact, easy) for Pageant to reconstruct the uncertified version of the public key. So it could be made to automatically do so, and present that as an alternative when the next client tried to list the keys.

This definitely shouldn't be done unconditionally, for the same reasons as in ssh2-openssh-certkey-fallback. But it could be made a configurable option in Pageant.

I don't currently (as of 2022-08-06) plan to do this proactively, but I record the possibility here to see if anyone else thinks it would be useful.

If you want to comment on this web site, see the Feedback page.
Audit trail for this wish.
(last revision of this bug record was at 2022-08-06 12:05:49 +0100)