Hi all--

The CERTIFICATES section of ssh-keygen(1) says:

    For certificates to be used for user or host authentication, the CA
    public key must be trusted by sshd(8) or ssh(1). Please refer to
    those manual pages for details.

For sshd(8) (and sshd_config(5)) i've found TrustedUserCAKeys, but ssh(1) and ssh_config(5) don't appear to have an equivalent directive.

i am considering using OpenSSH certificates for clients to authenticate hosts within a domain (so i want to sequester this directive within a Match stanza), and i don't want to grant "trust" to a certificate authority outside of the zone i know it should be scoped to.

I've also run "strings /usr/bin/ssh | grep -i trust" but i don't see anything that looks promising there either :/

Thanks for any pointers you can give!

        --dkg
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev