search for: based_authentication

...following: @cert-authority *.example.com ecdsa-sha2-nistp256 AAAAE2V... Would accept the host certificate authority for *.example.com. The "Hostnames" field can be expanded as needed, and can enclude hashed hostnames. See: https://en.wikibooks.org/wiki/OpenSSH/Cookbook/Certificate-based_Authentication#4._Updating_Clients_to_Acknowledge_the_Designated_Certificate_Authority Another example (from the sshd man page) cert-authority *.mydomain.org,*.mydomain.com ssh-rsa AAAAB5W... Could that work for you? Rory

Hi, we're looking to reduce the number of host lists that need to be kept in sync in our system. (There are quite a few of them all over the place) OpenSSH CAs are an obvious solution for not having to keep all host keys in sync in /etc/ssh/known_hosts, however, while OpenSSH does support using a CA in conjunction with hostbased authentication, it still requires a list of all authorized

...thority *.example.com ecdsa-sha2-nistp256 AAAAE2V... > > Would accept the host certificate authority for *.example.com. The "Hostnames" field can be expanded as needed, and can enclude hashed hostnames. > > See: > https://en.wikibooks.org/wiki/OpenSSH/Cookbook/Certificate-based_Authentication#4._Updating_Clients_to_Acknowledge_the_Designated_Certificate_Authority > > Another example (from the sshd man page) > > cert-authority *.mydomain.org,*.mydomain.com ssh-rsa AAAAB5W... > > Could that work for you? AIUI what he is asking for is a file that combines the host...