[Bug 2305] New: sshd does not accept @cert-authority when doing host based authentication.

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Wed Nov 5 18:45:42 EST 2014


https://bugzilla.mindrot.org/show_bug.cgi?id=2305

            Bug ID: 2305
           Summary: sshd does not accept @cert-authority when doing host
                    based authentication.
           Product: Portable OpenSSH
           Version: 6.5p1
          Hardware: amd64
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P5
         Component: sshd
          Assignee: unassigned-bugs at mindrot.org
          Reporter: peter at pean.org

Created attachment 2503
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2503&action=edit
sshd_config same on both machines.

When doing host based authentication using signed host keys you need to
have the connecting host in /etc/ssh/ssh_known_hosts. @cert-authority
is not enough. 

When running sshd in debug mode it seems it first accepts the cert with
CA, but then requires the actual host to be in ssh_known_hosts anyway.

Hm, only one attachment?
The ssh_known_hosts has only one line looking something like:

@cert-authority * ssh-rsa AAAA....

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
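
An added diagnostic, not part of the original report or of OpenSSH: a Python sketch that reads ssh_known_hosts-style text and reports whether a connecting host is covered only by an @cert-authority line, which is the setup described in the report. The function names and the host client.example.org are assumptions; the sample line is the one quoted in the report, and key material is not validated.

```python
import base64, hashlib, hmac, re

# Constructed sample: the single line quoted in the report (key elided there too).
SAMPLE = "@cert-authority * ssh-rsa AAAA....\n"

def _pattern_matches(pattern, host):
    """Match one host pattern: '*'/'?' wildcards or a hashed |1|salt|hash entry."""
    if pattern.startswith("|1|"):
        _, _, salt, digest = pattern.split("|")
        mac = hmac.new(base64.b64decode(salt), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(digest))
    # Only '*' and '?' are special; '[host]:port' brackets are literal.
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                    for c in pattern)
    return re.fullmatch(regex, host) is not None

def host_matches(patterns, host):
    """Comma-separated pattern list; a matching '!' pattern vetoes the line."""
    matched = False
    for p in patterns.split(","):
        if p.startswith("!"):
            if _pattern_matches(p[1:], host):
                return False
        elif _pattern_matches(p, host):
            matched = True
    return matched

def classify(known_hosts_text, host):
    """Return line numbers of entries matching host, grouped by entry kind."""
    found = {"plain": [], "cert-authority": [], "revoked": []}
    for n, line in enumerate(known_hosts_text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        kind = "plain"
        if fields[0].startswith("@"):          # @cert-authority or @revoked marker
            kind = fields.pop(0)[1:]
        if kind in found and len(fields) >= 3 and host_matches(fields[0], host):
            found[kind].append(n)
    return found

def ca_only(known_hosts_text, host):
    """True when the host is covered by a CA line but by no plain key line."""
    hits = classify(known_hosts_text, host)
    return bool(hits["cert-authority"]) and not hits["plain"]

if __name__ == "__main__":
    print(classify(SAMPLE, "client.example.org"), ca_only(SAMPLE, "client.example.org"))
```
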

