On Tue, 22 Jun 2021, Christian, Mark wrote:

> Wondering how I might be able to configure my ssh client or server so
> that any one of my ssh certificates may be used for authentication? Are
> there better ways to check for more than a couple certificates than by
> increasing sshd_config MaxAuthTries? I was thinking
> ssh -oCertificateFile could be used but I'm struggling to figure out how
> since my ssh-agent is the only place where the certs and private keys
> are located.
>
> Each certificate may have a different principal, policy or validity,
> hence the multiple certificates.

You should be able to use CertificateFile+IdentitiesOnly to control
which agent-hosted certificates are offered. See
sshconnect2.c:pubkey_prepare() for the gory details.

-d
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
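
One way to apply the CertificateFile+IdentitiesOnly suggestion when the certificates exist only in the agent, as an added example that is not part of the original thread: write each certificate the agent lists to a file, then point ssh at exactly one of them. The function names, the agent-N-cert.pub file naming and the sample listing are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the thread. Function names, file naming and the
# sample listing are assumptions made for illustration.

# export_agent_certs DIR
# Reads `ssh-add -L` output on stdin and writes every certificate line
# (key type ending in -cert-v01@openssh.com) to DIR/agent-N-cert.pub.
# Plain public keys are skipped. Prints the path of each file written.
export_agent_certs() {
    dir=$1
    mkdir -p "$dir" || return 1
    n=0
    while read -r type blob comment; do
        case $type in
            *-cert-v01@openssh.com)
                n=$((n + 1))
                file="$dir/agent-$n-cert.pub"
                printf '%s %s%s\n' "$type" "$blob" "${comment:+ $comment}" > "$file"
                printf '%s\n' "$file"
                ;;
        esac
    done
}

# ssh_config_block HOST CERT_FILE
# Prints a Host block that offers only CERT_FILE; the private key stays in
# the agent, which signs for the certificate loaded from the file.
ssh_config_block() {
    printf 'Host %s\n    IdentitiesOnly yes\n    CertificateFile %s\n' "$1" "$2"
}

# Constructed stand-in for `ssh-add -L` output; blobs are placeholders.
sample_listing() {
    cat <<'EOF'
ssh-ed25519 AAAAPLACEHOLDERKEY alice@laptop
ssh-ed25519-cert-v01@openssh.com AAAAPLACEHOLDERCERT1 alice-prod
ssh-rsa-cert-v01@openssh.com AAAAPLACEHOLDERCERT2 alice-staging
EOF
}

# Real use (needs a running agent):
#   ssh-add -L | export_agent_certs "$HOME/.ssh/agent-certs"
#   ssh-keygen -L -f "$HOME/.ssh/agent-certs/agent-1-cert.pub"   # principals, validity
#   ssh -oIdentitiesOnly=yes -oCertificateFile="$HOME/.ssh/agent-certs/agent-1-cert.pub" host.example
```

Because each connection then offers a single chosen certificate, the number of certificates in the agent no longer counts against the server's MaxAuthTries.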