search for: allowedcertpurpose

...cert ../bin/ssh-keygen -y > ssh_host_key_cert.pub // entering ssh_host_key_cert as key - Changing /opt/ssh/etc/sshd_config: CACertificateFile /opt/ssh/etc/ca/crt/cacert.pem Port 4422 X509KeyAlgorithm x509v3-sign-rsa,rsa-md5 X509KeyAlgorithm x509v3-sign-rsa,rsa-sha1 AllowedCertPurpose sslclient PasswordAuthentication no - Customizing server user configuration cat /opt/ssh/etc/ssh_host_key_cert.pub > .ssh/authorized_keys - Now __On client machine__ (after copying, client.pem, client-key.pem and cacert.pem) - Build identity - cat ~/.ssh/client-key.pe...

...ion yes #PermitUserEnvironment no #Compression yes #ClientAliveInterval 0 #ClientAliveCountMax 3 #UseDNS yes #PidFile /var/run/sshd.pid #MaxStartups 10 # no default banner path #Banner /some/path # override default of no subsystems Subsystem sftp /usr/local/libexec/sftp-server X509rsaSigType=md5 #AllowedCertPurpose sslserver #CACertificateFile /root/tk/openssh-3.8p1/tests/CA/ca-test/catest-bundle.crt CACertificateFile /root/.ssh/ca-bundle.crt #CACertificatePath /root/tk/openssh-3.8p1/tests/CA/ca-test/crt CACertificatePath /root/demoCA #CARevocationFile /root/tk/openssh-3.8p1/tests/CA/ca-test/catest-bundle.crl...