Displaying 2 results from an estimated 2 matches for "ssh_cert_type_host".
2017 May 16
2
Golang CertChecker hostname validation differs to OpenSSH
...ame only), and, now that I've found
PROTOCOL.certkeys, this seems to be spelt out unambiguously there too:
"valid principals" is a string containing zero or more principals as
strings packed inside it. These principals list the names for which this
certificate is valid; hostnames for SSH_CERT_TYPE_HOST certificates and
usernames for SSH_CERT_TYPE_USER certificates. As a special case, a
zero-length "valid principals" field means the certificate is valid for
any principal of the specified type.
Cheers, Adam
2017 May 15
5
Golang CertChecker hostname validation differs to OpenSSH
Hi all,
Last week I noticed that the CertChecker in the Go implementation of
x/crypto/ssh seems to be doing host principal validation incorrectly
and filed the following bug:
https://github.com/golang/go/issues/20273
By default they are looking for a principal named "host:port" inside
of the certificate presented by the server, instead of just looking
for the host as I believe OpenSSH