Displaying 3 results from an estimated 3 matches for "user_cert_trusted_ca".

2019 May 20
4
Authenticate against key files before AuthorizedKeysCommand
Hello, Currently OpenSSH has a fixed order on how the key authenticates the user: at first it tries to authenticate against TrustedUserCAKeys, afterwards it does it against the output keys from the AuthorizedKeysCommand and finally against the files as set in AuthorizedKeysFile. I have a use-case where this order is not ideal. This is because in my case the command fetches keys from the cloud
2025 May 22
1
LogLevel INFO shows few details for Certificate invalid: not yet valid / expired
...uot;%s\" serial=%llu: %s", + key->cert->key_id, (unsigned long long)key->cert->serial, + reason); + free(fp); return 0; } diff --git a/auth2-pubkey.c b/auth2-pubkey.c index d6bc309..3292f7c 100644 --- a/auth2-pubkey.c +++ b/auth2-pubkey.c @@ -583,8 +583,14 @@ user_cert_trusted_ca(struct passwd *pw, struct sshkey *key, if ((final_opts = sshauthopt_merge(principals_opts, cert_opts, &reason)) == NULL) { fail_reason: - error("%s", reason); - auth_debug_add("%s", reason); + error("Refusing certificate ID \"%s\" serial=%llu...
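Review bot: in the fail_reason: path of user_cert_trusted_ca() in auth2-pubkey.c, the removed lines include auth_debug_add("%s", reason), and the part of the replacement visible here shows only the new error("Refusing certificate ID ...") call before the hunk is cut off. If auth_debug_add() is not re-added in the remaining lines, the failure reason no longer reaches the debug messages queued for the client; keep the call next to the new error(), or say in the commit message that dropping it is intentional.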
2025 May 21
1
LogLevel INFO shows few details for Certificate invalid: not yet valid / expired
On 4/5/25 15:01, Lars Noodén wrote: > I notice that when using log level INFO it seems sshd(8) provides very > little information about failed SSH certificate log in attempts: > > Apr  5 14:44:41 server sshd-session[51695]: error: Certificate invalid: > not yet valid > > Apr  5 14:45:31 server sshd-session[88953]: error: Certificate invalid: > expired > >