Yegor Ievlev
2018-May-25 04:51 UTC
Suggestion: Deprecate SSH certificates and move to X.509 certificates
Zero matches in both. https://linux.die.net/man/5/sshd_config https://linux.die.net/man/5/ssh_config On Fri, May 25, 2018 at 7:48 AM, Damien Miller <djm at mindrot.org> wrote:> On Fri, 25 May 2018, Yegor Ievlev wrote: > >> Please tell me in technical details how current revocation support >> works, or give links. Then I will be able to give an answer. > > Please search for "revoke" in the ssh_config and sshd_config manual pages. >
Damien Miller
2018-May-25 05:05 UTC
Suggestion: Deprecate SSH certificates and move to X.509 certificates
On Fri, 25 May 2018, Yegor Ievlev wrote:> Zero matches in both. > https://linux.die.net/man/5/sshd_config > https://linux.die.net/man/5/ssh_configYou're referring to manual pages that we don't publish. I have no idea what version those are (they look old) or what modification the publisher has made along the way. Start here: https://www.openssh.com/manual.html
Peter Moody
2018-May-25 05:35 UTC
Suggestion: Deprecate SSH certificates and move to X.509 certificates
On Thu, May 24, 2018 at 9:51 PM, Yegor Ievlev <koops1997 at gmail.com> wrote:> Zero matches in both. > https://linux.die.net/man/5/sshd_config > https://linux.die.net/man/5/ssh_config> BSD April 14, 2013 BSDtry something fresher. https://man.openbsd.org/sshd_config https://man.openbsd.org/ssh_config> On Fri, May 25, 2018 at 7:48 AM, Damien Miller <djm at mindrot.org> wrote: >> On Fri, 25 May 2018, Yegor Ievlev wrote: >> >>> Please tell me in technical details how current revocation support >>> works, or give links. Then I will be able to give an answer. >> >> Please search for "revoke" in the ssh_config and sshd_config manual pages. >> > _______________________________________________ > openssh-unix-dev mailing list > openssh-unix-dev at mindrot.org > https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
Yegor Ievlev
2018-May-25 05:35 UTC
Suggestion: Deprecate SSH certificates and move to X.509 certificates
OpenSSH needs some mechanism to distribute signed revoked key lists to all servers trusting this root CA. On Fri, May 25, 2018 at 8:05 AM, Damien Miller <djm at mindrot.org> wrote:> On Fri, 25 May 2018, Yegor Ievlev wrote: > >> Zero matches in both. >> https://linux.die.net/man/5/sshd_config >> https://linux.die.net/man/5/ssh_config > > You're referring to manual pages that we don't publish. I have no idea > what version those are (they look old) or what modification the publisher > has made along the way. > > Start here: https://www.openssh.com/manual.html
Darren Tucker
2018-May-25 09:06 UTC
Suggestion: Deprecate SSH certificates and move to X.509 certificates
On 25 May 2018 at 15:05, Damien Miller <djm at mindrot.org> wrote:> Start here: https://www.openssh.com/manual.htmlOr for the (reverse chronological) blow-by-blow https://www.openssh.com/releasenotes.html and ctrl-F for "revoke" and "revocation". I recently added some markup so the man pages are only one click away. -- Darren Tucker (dtucker at dtucker.net) GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new) Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.