Hi,
There are a few minor tweaks I would like to suggest regrading the recently
added
TrustedUserCAKeys section in sshd_config(5).
TrustedUserCAKeys
Specifies a file containing public keys of certificate authorities
that are
trusted sign user certificates for authentication. Keys are listed
one per
line, empty lines and comments starting with '#' are
allowed. If a cer-
tificate is presented for authentication and has its signing CA key
listed
in this file, then it may be used for authentication for any user
listed in
the certificate's principals list. Note that certificates that
lack a list
of principals will not be permitted for authentication using
TrustedUserCAKeys. For more details in certificates, please see
the
CERTIFICATES section in ssh-keygen(1).
Replace "trusted sign user" with "trusted to sign user."
Also, the next sentence
should probably be split into two sentences to avoid a run-on: "Keys are
listed
one per line. Empty lines and comments..." Lastly, "more details in
certificates" should be "more details on certificates."
--
Iain Morgan
On Thu, 4 Mar 2010, Iain Morgan wrote:> Hi, > > There are a few minor tweaks I would like to suggest regrading the > Trecently added rustedUserCAKeys section in sshd_config(5). > > TrustedUserCAKeys Specifies a file containing public keys of > certificate authorities that are trusted sign user certificates > for authentication. Keys are listed one per line, empty lines > and comments starting with '#' are allowed. If a cer- tificate > is presented for authentication and has its signing CA key > listed in this file, then it may be used for authentication > for any user listed in the certificate's principals list. Note > that certificates that lack a list of principals will not be > permitted for authentication using TrustedUserCAKeys. For more > details in certificates, please see the CERTIFICATES section in > ssh-keygen(1). > > Replace "trusted sign user" with "trusted to sign user." Also, the > next sentence should probably be split into two sentences to avoid a > run-on: "Keys are listed one per line. Empty lines and comments..." > Lastly, "more details in certificates" should be "more details on > certificates."Jason McIntyre (manpage whacker supreme) already found and fixed these :) -d
Possibly Parallel Threads
- Using multiple certificates for a given private key
- would it be possible to extend TrustedUserCAKeys so that certain keys could not be used to authenticate a particular user?
- ssh certificate usage
- SSH certificates - restricting to host groups
- client host certificates and receiving host configuration