In README's "Alternatives" section, regarding the use of ssh-agent, the paragraph about macOS assumes the need for a third-party PKCS#11 library and reasonably talks about its UX issues regarding library load path allow list.
The ssh-agent that ships with macOS (which is pretty cool, as it starts on demand and is preconfigured in the environment) also has restrictions on where the .so modules can be loaded from. It can see through symlinks, so a Homebrew-installed /usr/local/lib/libykcs11.dylib won't work, while a hard copy at /usr/local/lib/libykcs11.copy.dylib will.
On the other hand, macOS already ships with a PKCS#11 support library at /usr/lib/ssh-keychain.dylib that can be used by OpenSSH. As of macOS Catalina it only supports RSA keys but otherwise is functional.
Do you think this paragraph is still pertinent? I can put a PR mentioning /usr/lib/ssh-keychain.dylib and just remove this paragraph to keep things simple.
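The symlink behaviour described in this issue can be checked before handing a provider path to `ssh-add -s`. The sketch below is an added example, not part of the original issue or the project's code: it resolves symlinks first and then matches the result against the allow list. The default pattern is assumed to be upstream OpenSSH's (Apple's build may differ), and `provider_allowed` and `demo` are hypothetical helper names.

```python
import fnmatch
import os
import shutil
import sys
import tempfile

# Assumption: upstream OpenSSH's default provider allow list for ssh-agent
# (can be overridden with `ssh-agent -P`). Apple's build may use another value.
DEFAULT_ALLOWED = "/usr/lib*/*,/usr/local/lib*/*"


def provider_allowed(path, allowed=DEFAULT_ALLOWED):
    """Return (ok, resolved). Symlinks are resolved before matching, so a
    link that lives in an allowed directory but points elsewhere is rejected.
    Negated (!pattern) entries are not handled in this sketch."""
    resolved = os.path.realpath(path)
    patterns = [p for p in allowed.split(",") if p]
    ok = any(fnmatch.fnmatchcase(resolved, p) for p in patterns)
    return ok, resolved


def demo():
    """Constructed layout: 'lib' is allow-listed, 'Cellar' is not."""
    root = os.path.realpath(tempfile.mkdtemp())
    lib = os.path.join(root, "lib")
    cellar = os.path.join(root, "Cellar")
    os.makedirs(lib)
    os.makedirs(cellar)
    real = os.path.join(cellar, "libykcs11.dylib")
    with open(real, "wb") as fh:
        fh.write(b"constructed placeholder, not a real library")
    link = os.path.join(lib, "libykcs11.dylib")        # Homebrew-style symlink
    os.symlink(real, link)
    copy = os.path.join(lib, "libykcs11.copy.dylib")   # hard copy, as in the issue
    shutil.copyfile(real, copy)
    allowed = os.path.join(lib, "*")
    result = {
        "symlink": provider_allowed(link, allowed)[0],
        "copy": provider_allowed(copy, allowed)[0],
    }
    shutil.rmtree(root)
    return result


if __name__ == "__main__":
    # With arguments: check real paths against the assumed default allow list.
    for p in sys.argv[1:]:
        ok, resolved = provider_allowed(p)
        print(f"{p} -> {resolved}: {'allowed' if ok else 'refused'}")
    if len(sys.argv) == 1:
        print(demo())
```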