On Thursday, March 17, 2005 09:18:57 PM -0500 der Mouse <mouse%Rodents.Montreal.QC.CA@localhost> wrote:
> There is no reason why SSH_AGENT_ADD_KEY has to be the only mechanism for rendering the agent capable of handling a PRIVATE_KEY_OP request. An agent could easily have some private channel to a smartcard; such an agent might well come up with the appropriate key already installed, or might have it appear mid-run (as if some other client had added it, as far as all clients are concerned).

This is not just theoretical. I have been using a smartcard-enabled ssh agent for over a year, using off-the-shelf components from OpenSSH, OpenSC, and PCSC-Lite.

-- Jeffrey T. Hutzelman (N3NHS) <jhutz+%cmu.edu@localhost>
   Sr. Research Systems Programmer
   School of Computer Science - Research Computing Facility
   Carnegie Mellon University - Pittsburgh, PA