maxgoedjen / secretive

Store SSH keys in the Secure Enclave
MIT License
6.99k stars 155 forks

Identities offers both key and certificate when both are present #454

Closed chriseldredge closed 1 year ago

chriseldredge commented 1 year ago

This PR modifies Agent.identities() to return certificates in addition to keys, rather than returning only the certificate. This makes Secretive behave similarly to OpenSSH ssh-agent and addresses difficulties using the agent in scenarios where a private key can be used for authentication against a given remote server directly without the certificate.

Fixes #452.

maxgoedjen commented 1 year ago

@chriseldredge nice – thanks!

I'm not personally a certs user so I don't have direct experience in the mechanics of this one – is it correct to return the key identities before the cert ones? My intuition would be that the certs should be offered first, but I'm really not sure there.

chriseldredge commented 1 year ago

I’m not an expert either but can observe what happens in my configuration. As noted in #452, OpenSSH lists the public key first, so I mimicked that order.

I suspect this doesn’t matter much in practice, as most servers will either accept the certificate or the public key, usually not both, and in either situation the same private key gets used anyway.
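As an added illustration (not code from Secretive or this PR), this is how the ordering discussed above looks on the wire in the ssh-agent protocol's `SSH_AGENT_IDENTITIES_ANSWER`: each key blob is listed, and a key precedes its certificate. The key and certificate blobs are constructed, minimal placeholders (just the leading type string and filler), not real keys or valid certificates, and the " (certificate)" comment suffix is an assumption.

```python
import struct

SSH_AGENT_IDENTITIES_ANSWER = 12  # message number from the ssh-agent protocol


def ssh_string(b: bytes) -> bytes:
    """Encode an SSH 'string': uint32 big-endian length followed by the bytes."""
    return struct.pack(">I", len(b)) + b


def identities_answer(secrets):
    """Build a length-prefixed SSH_AGENT_IDENTITIES_ANSWER.

    `secrets` is a list of (comment, public_key_blob, cert_blob_or_None).
    Every key is offered; a key is listed before its certificate so a server
    that accepts the bare key can still authenticate with it.
    """
    entries = []
    for comment, key_blob, cert_blob in secrets:
        entries.append((key_blob, comment))
        if cert_blob is not None:
            entries.append((cert_blob, comment + " (certificate)"))  # assumed suffix
    body = struct.pack(">I", len(entries))
    for blob, comment in entries:
        body += ssh_string(blob) + ssh_string(comment.encode())
    msg = bytes([SSH_AGENT_IDENTITIES_ANSWER]) + body
    return struct.pack(">I", len(msg)) + msg


def parse_identities_answer(data: bytes):
    """Decode the message into [(key_type, comment), ...] in wire order."""
    (length,) = struct.unpack(">I", data[:4])
    msg = data[4:4 + length]
    assert msg[0] == SSH_AGENT_IDENTITIES_ANSWER
    off = 1

    def read_string():
        nonlocal off
        (n,) = struct.unpack(">I", msg[off:off + 4])
        off += 4
        s = msg[off:off + n]
        off += n
        return s

    (count,) = struct.unpack(">I", msg[off:off + 4])
    off += 4
    out = []
    for _ in range(count):
        blob, comment = read_string(), read_string()
        (n,) = struct.unpack(">I", blob[:4])  # key type is the blob's first string
        out.append((blob[4:4 + n].decode(), comment.decode()))
    return out


# Constructed placeholder blobs: only the type string and filler, not real key material.
KEY_BLOB = ssh_string(b"ssh-ed25519") + ssh_string(b"\x01" * 32)
CERT_BLOB = ssh_string(b"ssh-ed25519-cert-v01@openssh.com") + ssh_string(b"nonce") + ssh_string(b"\x01" * 32)
SAMPLE = [("enclave key", KEY_BLOB, CERT_BLOB), ("other key", KEY_BLOB, None)]
```

Running `parse_identities_answer(identities_answer(SAMPLE))` shows three identities: the key, its certificate, then the second key with no certificate.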

maxgoedjen commented 1 year ago

> I’m not an expert either but can observe what happens in my configuration. As noted in https://github.com/maxgoedjen/secretive/issues/452, OpenSSH lists the public key first, so I mimicked that order.

Good enough for me, thanks!