Displaying 2 results from an estimated 2 matches for "ddebug_krl".
2019 Sep 13
2
revoking ssh-cert.pub with serial revokes also younger certs
Hi there!
What am I doing wrong?
I created a ssh-certificate
id_user_rsa-cert.pub with this dump:
id_user_rsa-cert.pub:
root at host # ssh-keygen -Lf id_user_rsa-cert.pub
??????? Type: ssh-rsa-cert-v01 at openssh.com user certificate
??????? Public key: RSA-CERT SHA256:kPitwgxblaUH4viBoFoozSPq9Pblubbedk
??????? Signing CA: ED25519 SHA256:8p2foobarQo3Tfcblubb5+I5cboeckvpnktiHdUs
??????? Key ID:
2019 Sep 16
2
revoking ssh-cert.pub with serial revokes also younger certs
...revoked_keys id_user_rsa-cert.pub
>> id_user_rsa-cert.pub (test on myhost - created by ansible (1564358942)):
>> REVOKED
>>
>> Why? I thougt, when i use -s <Serialnumber> only this specific
>> certificate for a pubkey is revoked...
> If you compile krl.c with -DDEBUG_KRL=1 then you can get some extra
> debugging that might show what is going on. You'll probably need to
> add -vvv to ssh-keygen's flags too.
>
> -d
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> http...