On Tue, 22 Oct 2019, Bergner, Jan, A-SCM-CIM-SD wrote: > > I think the best you could do at present if you want host keys > > signed by different CA is to choose different types of host key > > (e.g. ecdsa vs ed25519), get one type signed by one CA and the other > > by the other CA, and configure the clients to prefer the key type > > corresponding to the CA that they expect. It's not a great solution, > > but it would probably work. > Okay. > Would I specify that in sshd_config with multiple HostCertificate- > statements or would I rather have multiple signed keys in one file? > (One signature each line?) Multiple HostCertificate statements - OpenSSH doesn't support multiple host keys in a single file. Cheers, Damien _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
