Displaying 2 results from an estimated 2 matches for "keyopt".
Did you mean:
keyout
2025 May 22
1
LogLevel INFO shows few details for Certificate invalid: not yet valid / expired
...auth_check_authkey_line(struct passwd *pw, struct sshkey *key,
/* Parse and check options present in certificate */
if ((certopts = sshauthopt_from_cert(key)) == NULL) {
reason = "Invalid certificate options";
- goto fail_reason;
+ goto cert_fail_reason;
}
if (auth_authorise_keyopts(pw, certopts, 0,
remote_ip, remote_host, loc) != 0) {
reason = "Refused by certificate options";
- goto fail_reason;
+ goto cert_fail_reason;
}
if ((finalopts = sshauthopt_merge(keyopts, certopts, &reason)) == NULL)
- goto fail_reason;
+ goto cert_fail_reason;
/*...
2025 May 21
1
LogLevel INFO shows few details for Certificate invalid: not yet valid / expired
On 4/5/25 15:01, Lars Nood?n wrote:
> I notice that when using log level INFO it seems sshd(8) provides very
> little information about failed SSH certificate log in attempts:
>
> Apr? 5 14:44:41 server sshd-session[51695]: error: Certificate invalid:
> not yet valid
>
> Apr? 5 14:45:31 server sshd-session[88953]: error: Certificate invalid:
> expired
>
>