Displaying 3 results from an estimated 3 matches for "allowed_keys".
2025 Apr 29
1
Multiple allowed signer files in `ssh-keygen -Y verify`
...y_files;
+static size_t nidentity_files;
+
/* This is set to the passphrase if given on the command line. */
static char *identity_passphrase = NULL;
@@ -2803,16 +2807,17 @@ done:
static int
sig_verify(const char *signature, const char *sig_namespace,
- const char *principal, const char *allowed_keys, const char *revoked_keys,
- char * const *opts, size_t nopts)
+ const char *principal, char **allowed_keys, size_t nallowed_keys,
+ const char *revoked_keys, char * const *opts, size_t nopts)
{
- int r, ret = -1;
+ int r, ret = -1, matched = 0;
int print_pubkey = 0;
struct sshbuf *si...
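Review bot: in the new sig_verify() prototype, allowed_keys becomes a plain `char **` while the adjacent opts parameter stays `char * const *`, so the const protection that the old `const char *allowed_keys` provided is lost. Declaring it `char * const *allowed_keys` would match opts and make clear that the function only reads the list of files. The new `matched` variable also deserves a short comment stating what counts as a match across the nallowed_keys entries, since ret still starts at -1 and the visible lines do not show how the two relate.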
2025 Apr 23
1
Multiple allowed signer files in `ssh-keygen -Y verify`
Hello,
I'm currently evaluating using `ssh-keygen -Y verify` to check OS
artifacts (e.g. packages) and I noticed that the `-f
allowed_signers_file` option can be passed only once. A side remark:
technically it can be passed multiple times without a warning but the
last invocation overrides all previous ones. Tested using:
$ ssh-keygen -Y verify -f allowed_signers -f /dev/null -n file -s
2001 May 20
4
ssh - NO SALE or NO GIVE ?
...oot via sulog and or external logging
2/ Protect root even if the root password is compromised
3/ Limit to a list of users who can access root
To achieve the functional equivalent of this in ssh we require:
rlogin still false to stop telnet connections, but ssh still allowing
connections
A set of allowed_keys that effectively would be an su group
A tracking by ssh of which key allowed access at connection time ( ie an
sulog equivalent ) ie:
"ssh: root access granted via key joeblow at jupiter at 12:34"
It is then possible for me to demonstrate to management that we do not
require every admi...