I suspect the answer to this is no, but say I have a setup where I have a server with a shared user account and I want anyone with a valid cert to be able to use that shared user. Is there a wildcard AuthorizedPrincipal I can specify in my sshd_config to mean, "any user"? Alternatively, is there a way I can see the valid principals that the incoming cert has in the AuthorizedPrincipalsCommand? It didn't appear to be possible with the available TOKENS. I would like to not have to enumerate every possible user because the posix accounts don't exist on this shared machine and getting a complete list of principals should be unnecessary considering our certificate authority has validated the user(s) Cheers, peter _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev