Displaying 11 results from an estimated 11 matches for "hostcertificate".
2010 May 26
2
hostbase authentication of hostcertificate
Dear All,
I am trying to use the hostcertificate to do the hostbased authentication with the steps in the regress/cert-hostkey.sh
But it seems that it cannot log in with the hostcertificate:
Here is debug message from the ssh client :
ssh -2 -oUserKnownHostsFile=/opt/ssh/etc/known_hosts-cert \
> -oGlobalKnownHostsFile=/opt/ssh/etc/known_hos...
2020 Jun 16
2
client host certificates and receiving host configuration
..., given a host CA signing key on the sshagentca server, would an
appropriately constructed host certificate added to a forwarded agent
replace the necessity for a '@cert-authority' line in a user's known_hosts
file?
Secondly, would there be any alteration to the requirement for a
"HostCertificate" CA-signed public key (from a private "HostKey") on
sshd receiving servers?
Many thanks
Rory
2020 Jun 17
3
client host certificates and receiving host configuration
...ification logic. However, a few people have requested
> a KnownHostsCommand option that allows the output of a subprocess to
> be used in addition to the usual known_hosts. Would this work for you?
>
> > Secondly, would there be any alteration to the requirement for a
> > "HostCertificate" CA-signed public key (from a private "HostKey") on
> > sshd receiving servers?
>
> I don't understand what you mean here. Could you elaborate?
My apologies for the poor explanation. Let me try again.
Adding a user certificate to a client forwarded agent allows th...
2019 Oct 21
2
Multiple Signatures on SSH-Hostkeys
Hello, OpenSSH-wizards.
In our company, we have looked into SSH-HostKey-signing in order to
realize automated access without the need to accept the server's
hostkey, manually.
I got it to work with the HostCertificate-directive inside the
sshd_config.
Now, I was wondering whether it is possible to have multiple
signatures, so I can, for example, sign the hostkey once with a
company-internal CA to prove to my colleagues that the server belongs
to our company and to sign again with another CA that belongs to...
2010 Mar 18
1
Question about host certificates
Hi,
I'm experimenting with host certificates in 5.4p1 and seem to have hit a
usability issue. I've generated a host certificate, added the
HostCertificate option to the sshd_config and restarted sshd. I've
replaced the system's ssh_known_hosts file with one that has a single
entry of the form:
@cert-authority *.example.domain ssh-rsa ...
This works provided that I use the host's FQDN when I ssh to it. If I
use an unqualified name, the c...
2015 Jan 30
5
[Bug 2346] New: sshd -T doesn't write all configuration options in valid format
https://bugzilla.mindrot.org/show_bug.cgi?id=2346
Bug ID: 2346
Summary: sshd -T doesn't write all configuration options in
valid format
Product: Portable OpenSSH
Version: 6.7p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component:
2019 Mar 15
3
prompt to update a host key
On Fri, Mar 15, 2019 at 09:10:26AM +0000, Jochen Bern wrote:
> Imagine sysadminning a boatload of VMs getting IPs from a dynamic pool, a la
>
> $ for ADDR in $CUSTOMER_1_RANGE $CUSTOMER_2_RANGE... ; do
> > ping -c 1 -w 2 $ADDR >/dev/null 2>&1 && ssh root@$ADDR do_urgent_fix
> > done
>
> , and it mightn't be that much of a niche anymore ...
And
2015 Jul 01
0
Announce: OpenSSH 6.9 released
...stderr output consistent; bz#2325
* ssh(1): mention missing DISPLAY environment in debug log when X11
forwarding requested; bz#1682
* sshd(8): correctly record login when UseLogin is set; bz#378
* sshd(8): Add some missing options to sshd -T output and fix output
of VersionAddendum and HostCertificate. bz#2346
* Document and improve consistency of options that accept a "none"
argument: TrustedUserCAKeys, RevokedKeys (bz#2382),
AuthorizedPrincipalsFile (bz#2288)
* ssh(1): include remote username in debug output; bz#2368
* sshd(8): avoid compatibility problem with som...
2014 Oct 10
16
[Bug 2288] New: documentation of options defaulting to "none"
https://bugzilla.mindrot.org/show_bug.cgi?id=2288
Bug ID: 2288
Summary: documentation of options defaulting to "none"
Product: Portable OpenSSH
Version: 6.7p1
Hardware: All
OS: All
Status: NEW
Severity: trivial
Priority: P5
Component: Documentation
Assignee:
2015 Jul 01
5
Announce: OpenSSH 6.9 released
...stderr output consistent; bz#2325
* ssh(1): mention missing DISPLAY environment in debug log when X11
forwarding requested; bz#1682
* sshd(8): correctly record login when UseLogin is set; bz#378
* sshd(8): Add some missing options to sshd -T output and fix output
of VersionAddendum and HostCertificate. bz#2346
* Document and improve consistency of options that accept a "none"
argument: TrustedUserCAKeys, RevokedKeys (bz#2382),
AuthorizedPrincipalsFile (bz#2288)
* ssh(1): include remote username in debug output; bz#2368
* sshd(8): avoid compatibility problem with som...
2015 May 29
16
Call for testing: OpenSSH 6.9
...stderr output consistent; bz#2325
* ssh(1): mention missing DISPLAY environment in debug log when X11
forwarding requested; bz#1682
* sshd(8): correctly record login when UseLogin is set; bz#378
* sshd(8): Add some missing options to sshd -T output and fix output
of VersionAddendum and HostCertificate. bz#2346
* Document and improve consistency of options that accept a "none"
argument: TrustedUserCAKeys, RevokedKeys (bz#2382),
AuthorizedPrincipalsFile (bz#2288)
* ssh(1): include remote username in debug output; bz#2368
* sshd(8): avoid compatibility problem with som...