[Bug 2305] New: sshd does not accept @cert-authority when doing host based authentication.
bugzilla-daemon at mindrot.org
Wed Nov 5 18:45:42 EST 2014
https://bugzilla.mindrot.org/show_bug.cgi?id=2305
Bug ID: 2305
Summary: sshd does not accept @cert-authority when doing host based authentication.
Product: Portable OpenSSH
Version: 6.5p1
Hardware: amd64
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component: sshd
Assignee: unassigned-bugs at mindrot.org
Reporter: peter at pean.org
Created attachment 2503
--> https://bugzilla.mindrot.org/attachment.cgi?id=2503&action=edit
sshd_config same on both machines.
When doing host based authentication using signed host keys you need to
have the connecting host in /etc/ssh/ssh_known_hosts. @cert-authority
is not enough.
When running sshd in debug mode it seems it first accepts the cert with
CA, but then requires the actual host to be in ssh_known_hosts anyway.
Hm, only one attachment?
The ssh_known_hosts has only one line looking something like:
@cert-authority * ssh-rsa AAAA....
--
You are receiving this mail because:
You are watching the assignee of the bug.
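
An added audit helper, not part of the original report and not OpenSSH code: it parses an ssh_known_hosts file and reports, for a given client hostname, whether it is covered by a `@cert-authority` line, by a plain host-key line, or by a `@revoked` line, which makes it easy to spot hosts that rely solely on a CA entry as in the report. The function names and the sample file are constructed for illustration; hashed (`|1|...`) hostname entries are skipped.

```python
import re

# Constructed sample; the key blobs are placeholders, not real keys.
SAMPLE = """\
# constructed ssh_known_hosts for illustration
@cert-authority * ssh-rsa AAAAB3PLACEHOLDERCA ca@example
web1.example.org,192.0.2.10 ssh-ed25519 AAAAC3PLACEHOLDERWEB1
@cert-authority *.lab.example.org,!bad.lab.example.org ssh-rsa AAAAB3PLACEHOLDERLAB
@revoked old.example.org ssh-rsa AAAAB3PLACEHOLDEROLD
"""
KIND = {"@cert-authority": "cert_authority", "@revoked": "revoked", None: "plain_key"}

def host_matches(patterns, host):
    """Apply a comma-separated pattern list; a matching '!' pattern vetoes the line."""
    matched = False
    for pat in patterns.split(","):
        negated = pat.startswith("!")
        body = pat[1:] if negated else pat
        # known_hosts patterns use only '*' and '?' as wildcards.
        rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in body)
        if re.fullmatch(rx, host.lower()):
            if negated:
                return False
            matched = True
    return matched

def parse_known_hosts(text):
    """Yield (marker, patterns, keytype); marker is None for plain host keys."""
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        marker = fields.pop(0) if fields[0] in KIND else None
        if len(fields) >= 2:
            yield marker, fields[0], fields[1]

def coverage(text, host):
    """Report which kinds of known_hosts entry apply to `host`."""
    result = {"cert_authority": False, "plain_key": False, "revoked": False}
    for marker, patterns, _keytype in parse_known_hosts(text):
        if patterns.startswith("|1|"):  # hashed hostnames are not handled here
            continue
        if host_matches(patterns, host):
            result[KIND[marker]] = True
    return result

if __name__ == "__main__":
    for h in ("web1.example.org", "db7.example.org", "old.example.org"):
        print(h, coverage(SAMPLE, h))
```

A host for which only `cert_authority` is true is in the situation the report describes: trusted through the CA line alone, with no per-host key entry.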