bugzilla-daemon at bugzilla.mindrot.org
2019-Jul-01 18:56 UTC
[Bug 3028] New: Discrepancy with URL man pages.
https://bugzilla.mindrot.org/show_bug.cgi?id=3028 Bug ID: 3028 Summary: Discrepancy with URL man pages. Product: Portable OpenSSH Version: 7.4p1 Hardware: ix86 OS: Linux Status: NEW Severity: trivial Priority: P5 Component: ssh-keygen Assignee: unassigned-bugs at mindrot.org Reporter: donald.p.richards1 at aexp.com For the man pages under the URL, https://man.openbsd.org/ssh-keygen, the option -U states: -U When used in combination with -s, this option indicates that a CA key resides in a ssh-agent(1). See the CERTIFICATES section for more information. Under the CERTIFICATES section, https://man.openbsd.org/ssh-keygen#CERTIFICATES, it states: Similarly, it is possible for the CA key to be hosted in a ssh-agent(1). This is indicated by the -U flag and, again, the CA key must be identified by its public half. $ ssh-keygen -Us ca_key.pub -I key_id user_key.pub In all cases, key_id is a "key identifier" that is logged by the server when the certificate is used for authentication. I have a use case in which having a Certificates Authority's private key loaded in the ssh-agent would be very beneficial (i.e. not having the private key unsecured), and then using it to sign ssh host certificates using "ssh-keygen -Us ca_key.pub -h -I key_id host_key.pub" -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2019-Jul-01 19:34 UTC
[Bug 3028] Discrepancy with URL man pages.
https://bugzilla.mindrot.org/show_bug.cgi?id=3028 --- Comment #1 from donald.p.richards1 at aexp.com --- I believe I found that ssh-keygen was updated to include -U at version 7.6/7.6p1. * ssh-keygen(1): allow ssh-keygen to use a key held in ssh-agent as a CA when signing certificates. bz#2377 -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2019-Jul-12 04:24 UTC
[Bug 3028] Discrepancy with URL man pages.
https://bugzilla.mindrot.org/show_bug.cgi?id=3028 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |WORKSFORME CC| |djm at mindrot.org Status|NEW |RESOLVED --- Comment #2 from Damien Miller <djm at mindrot.org> --- If I'm reading this correctly, you've figured this out already and were trying to use a feature added in a newer release of OpenSSH than the one you had at hand. As such, I'll close this bug. If I've misread the situation then please feel free to reopen. -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at mindrot.org
2021-Mar-03 22:54 UTC
[Bug 3028] Discrepancy with URL man pages.
https://bugzilla.mindrot.org/show_bug.cgi?id=3028 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED --- Comment #3 from Damien Miller <djm at mindrot.org> --- close bugs that were resolved in OpenSSH 8.5 release cycle -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.