Hi,
we want to use ssh-tpm-agent for user SSH keys, which should reside on a central machine for policy reasons, which means users would need to log in to this host directly via ssh and then use the tpm-bound keys from there to connect to other hosts.
Currently, ssh-tpm-add doesn't prompt for the passphrase, but ssh-tpm-agent does, which works well for a desktop system, where you have a visual prompt from ssh-askpass. For ssh access, this fails (as also already stated in #115).
For the normal ssh agent this does work, since ssh-add will ask for the passphrase of the key when called on the command line directly. It would be nice if ssh-tpm-add would also support asking for the passphrase when adding the key and not at the time of first usage.