Displaying 3 results from an estimated 3 matches for "ssh_err_key_not_found".
2025 Apr 29
1
Multiple allowed signer files in `ssh-keygen -Y verify`
...me)) != 0) {
- debug3_fr(r, "sshsig_check_allowed_keys");
+ for (i = 0; i < nallowed_keys; i++) {
+ if ((r = sshsig_check_allowed_keys(allowed_keys[i], sign_key,
+ principal, sig_namespace, verify_time)) != 0) {
+ /* don't attempt other files on hard errors */
+ if (r != SSH_ERR_KEY_NOT_FOUND) {
+ error_fr(r, "check allowed keys in %s",
+ allowed_keys[i]);
+ goto done;
+ }
+ debug3_fr(r, "sshsig_check_allowed_keys in %s",
+ allowed_keys[i]);
+ continue;
+ }
+ matched = 1;
+ }
+ if (!matched && nallowed_keys != 0) {
+ error_f("...
2025 Apr 23
1
Multiple allowed signer files in `ssh-keygen -Y verify`
Hello,
I'm currently evaluating using `ssh-keygen -Y verify` to check OS
artifacts (e.g. packages) and I noticed that the `-f
allowed_signers_file` option can be passed only once. A side remark:
technically it can be passed multiple times without a warning but the
last invocation overrides all previous ones. Tested using:
$ ssh-keygen -Y verify -f allowed_signers -f /dev/null -n file -s
2017 Jul 04
12
[Bug 2737] New: function identity_sign() assume private key's pub part as same as the .pub key.
https://bugzilla.mindrot.org/show_bug.cgi?id=2737
Bug ID: 2737
Summary: function identity_sign() assume private key's pub part
as same as the .pub key.
Product: Portable OpenSSH
Version: 7.5p1
Hardware: Other
OS: Other
Status: NEW
Severity: enhancement
Priority: P5