Re: Host based authentication and SSH CA.

On Tue, 4 Nov 2014, Peter Ankerstål wrote:

> Hi,
> 
> I'm currently deploying signed host keys for my environment. Everything seems
> to work fine but I have one problem with host based authentication.
> 
> I'm running OpenSSH_6.5p1, OpenSSL 1.0.1e-fips 11 Feb 2013 on RHEL 6.5.
> 
> When trying to login between hosts with host-based authentication configured I
> can't do so if the host is not in /etc/ssh_knows_hosts. If it's there it works
> even if the public key is wrong. It should be enough to have a single
> "@cert-authority" line in ssh_known_hosts, right?

I don't think host-based auth has ever been properly tested with certified
keys (unfortunately, it's barely tested generally due to the difficulty of
writing a test script for it). It's entirely possible that there are bugs
there.

Please file a report at https://bugzilla.mindrot.org/ and include the
config files in question and I'll take a look when I have some time next.

-d
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
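
A small diagnostic for the situation in the quoted report, added here as an example and not part of the original message or of OpenSSH: it lists which ssh_known_hosts entries (CA, plain or revoked) apply to a given hostname, so you can see whether a host is covered only by the "@cert-authority" line or also by a per-host entry. The function names and the sample file are assumptions made for illustration; the parser handles markers and wildcard, negated and hashed host fields, but does not lowercase names or normalise [host]:port forms.

```python
import base64, hashlib, hmac, re

# Constructed sample; the key blobs are placeholders, not real keys.
SAMPLE = """\
@cert-authority *.example.com ssh-rsa AAAAB3PLACEHOLDERCA host-ca
web1.example.com,192.0.2.10 ssh-rsa AAAAB3PLACEHOLDERHOST stale pinned key
"""

def _pattern_matches(pattern, host):
    """Wildcard match as in known_hosts: '*' = any run, '?' = one character."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                    for c in pattern)
    return re.fullmatch(regex, host) is not None

def _hosts_field_matches(field, host):
    """Match the comma-separated host field, including hashed and negated forms."""
    if field.startswith("|1|"):                      # HashKnownHosts entry
        _, _, salt_b64, hash_b64 = field.split("|")
        mac = hmac.new(base64.b64decode(salt_b64), host.encode(), hashlib.sha1)
        return hmac.compare_digest(mac.digest(), base64.b64decode(hash_b64))
    matched = False
    for pat in field.split(","):
        if pat.startswith("!"):
            if _pattern_matches(pat[1:], host):
                return False                         # negated match vetoes the line
        elif _pattern_matches(pat, host):
            matched = True
    return matched

def trust_sources(known_hosts_text, host):
    """Return a sorted list of (kind, keytype) for entries that apply to host;
    kind is 'ca', 'revoked' or 'plain'."""
    found = set()
    for line in known_hosts_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        kind = "plain"
        if fields[0].startswith("@"):
            kind = {"@cert-authority": "ca", "@revoked": "revoked"}.get(fields[0])
            fields = fields[1:]
        if kind is None or len(fields) < 3:
            continue                                 # unknown marker or malformed line
        if _hosts_field_matches(fields[0], host):
            found.add((kind, fields[1]))
    return sorted(found)
```

A host that returns only a `'ca'` entry depends entirely on certificate validation; a host that also returns `'plain'` has a per-host entry of the kind the report says was needed for the login to work.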