Re: Host based authentication and SSH CA.

On Fri, 7 Nov 2014, Peter Ankerst?l wrote:

> > What principals (if any) are associated with the host cert?
> 
> Right now I don't have any principals at all in the host cert.

That's likely the problem then. The principals should list the
hostname(s) of the server.

(I agree that the documentation here is terrible).

> > If I recall correctly, sshd will use the FQDN when validating the key or
> > certificate offered by the client. Thus, if you specified any principals
> > for the certificate, the list must include the FQDN and the pattern for
> > the @cert-authority entry needs to also match the FQDN.
> 
> When logging with key based authentication the host CA works fine.
> 
> debug1: Host 'm3' is known and matches the ECDSA-CERT host certificate.
> debug1: Found CA key in /etc/ssh/ssh_known_hosts:1
> 
> But when doing hostbased authentication it first gives me those two lines but
> then tries to look for m3 specifically in ssh_known_hosts.

That's strange - I'll take a look via the bug.

-d
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
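
The advice in the message above (list the server's hostnames as principals of the host certificate, and have the @cert-authority pattern match them), as an added example that is not part of the original thread or of OpenSSH itself. The hostnames m3 and m3.example.com, the key ID, the file paths and the helper function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: sign a host key with the server's hostnames as principals and
# check the result. Names and paths (m3, m3.example.com, temp dir) are constructed.

issue_host_cert() {
    # $1 = work dir, $2 = comma-separated hostnames to list as principals
    dir=$1; names=$2
    mkdir -p "$dir" || return 1
    rm -f "$dir/ca" "$dir/ca.pub" "$dir/host" "$dir/host.pub" "$dir/host-cert.pub"
    # Throwaway CA and host key, for demonstration only.
    ssh-keygen -q -t ed25519 -N '' -C demo-host-ca -f "$dir/ca" || return 1
    ssh-keygen -q -t ed25519 -N '' -C demo-host -f "$dir/host" || return 1
    # -h marks a host certificate; -n lists the hostnames it is valid for.
    ssh-keygen -q -s "$dir/ca" -I "demo-host-m3" -h -n "$names" "$dir/host.pub"
}

cert_principals() {
    # Print the principals of certificate $1, one per line.
    # A certificate without any shows "Principals: (none)", so nothing is printed.
    ssh-keygen -L -f "$1" | awk '
        /^[ \t]*Principals:/       { in_list = 1; next }
        /^[ \t]*Critical Options:/ { in_list = 0 }
        in_list                    { sub(/^[ \t]+/, ""); print }'
}

cert_covers_host() {
    # Succeeds only if hostname $2 is listed as a principal of certificate $1.
    cert_principals "$1" | grep -Fxq -- "$2"
}

known_hosts_ca_line() {
    # Emit the known_hosts trust entry: $1 = host pattern, $2 = CA public key file.
    printf '@cert-authority %s %s\n' "$1" "$(cut -d' ' -f1,2 "$2")"
}

demo() {
    d=$(mktemp -d) || return 1
    issue_host_cert "$d" "m3,m3.example.com" || return 1
    cert_principals "$d/host-cert.pub"
    cert_covers_host "$d/host-cert.pub" m3.example.com && echo "FQDN covered"
    known_hosts_ca_line "m3,*.example.com" "$d/ca.pub"
    rm -rf "$d"
}

demo
```

Running `cert_covers_host` against an existing host certificate with both the short name and the FQDN shows quickly whether either is missing from the principal list.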
