search for: trustedcakey

...o > specify a list of certificate principal names that are acceptable. > > When authenticating using a CA trusted through ~/.ssh/authorized_keys, > this adds a new principals="name1[,name2,...]" key option. > > For CAs listed through sshd_config's TrustedCAKeys option, a new config > option "AuthorizedPrincipalsFile" specifies a per-user file containing > the list of acceptable names. > > If either option is absent, the current behaviour of requiring the > username to appear in principals continues to apply. >...

...ch one of the names in the list for it to be accepted for authentication. sshd(8) now has a new AuthorizedPrincipalsFile option to specify a file containing a list of names that may be accepted in place of the username when authorizing a certificate trusted via the sshd_config(5) TrustedCAKeys option. Similarly, authentication using a CA trusted in ~/.ssh/authorized_keys now accepts a principals="name1[,name2,...]" to specify a list of permitted names. If either option is absent, the current behaviour of requiring the username to appear in principals continue...

...rname must match one of the names in the list for it to be accepted for authentication. sshd(8) now supports an optional AuthorizedPrincipalsFile to specify a list of names that may be accepted in place of the username when authorizing a certificate trusted via the sshd_config(5) TrustedCAKeys option. Similarly, authentication using a CA trusted in ~/.ssh/authorized_keys now accepts a principals="name1[,name2,...]" to specify a list of permitted names. If either option is absent, the current behaviour of requiring the username to appear in principals continues to...

...ch one of the names in the list for it to be accepted for authentication. sshd(8) now has a new AuthorizedPrincipalsFile option to specify a file containing a list of names that may be accepted in place of the username when authorizing a certificate trusted via the sshd_config(5) TrustedCAKeys option. Similarly, authentication using a CA trusted in ~/.ssh/authorized_keys now accepts a principals="name1[,name2,...]" to specify a list of permitted names. If either option is absent, the current behaviour of requiring the username to appear in principals continue...