On Wed, Feb 3, 2021 at 4:32 AM Wim S <wimsharing@xxxxxxxxx> wrote: > I don't seem to find a way to specify that one of the pubkey in > AuthenticationMethods pubkey,pubkey should be a valid ssh certificate. > > Is there maybe any other way to enforce this ? it looks like there are a number of ways you can do this: 1. You can set TrustedUserCAKeys to a valid ca pubkey file and set AuthorizedKeysFile to something like /etc/ssh/empty 2. You can set PubkeyAcceptedKeyTypes to a cert type. I think both of these will work either globally or in a Match block. _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
