[Bug 2305] sshd does not accept @cert-authority when doing host based authentication.
bugzilla-daemon at mindrot.org
Sun Nov 16 12:32:52 EST 2014
https://bugzilla.mindrot.org/show_bug.cgi?id=2305
--- Comment #5 from Iain Morgan <imorgan at nas.nasa.gov> ---
No, that block is correct. That is where the search for the
@cert-authority entry occurs. That is how load_hostkeys() gets called,
which does find the @cert-authority entry.

From the sshd -ddd output, the certificate passes the basic tests
(certificate type, validity period, principals) and an applicable CA
entry is found. However, the certificate ends up being rejected. That
could be a mismatch between the key used to sign the certificate and
the entry in the ssh_known_hosts file.

What do you get for the output of ssh-keygen -Lf on your certificate
and does the fingerprint for the signing CA match the fingerprint for
the @cert-authority entry?
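The comparison asked for above (signing CA of the certificate versus the @cert-authority entry in ssh_known_hosts) can also be scripted. The following is an added example, not part of the original message or of OpenSSH: it reads the "signature key" field out of a host certificate and matches it against @cert-authority lines. It assumes the certificate field order documented in OpenSSH's PROTOCOL.certkeys and the SHA256 fingerprint form; the host names and key bytes are constructed placeholders.

```python
import base64, hashlib, struct

# Public-key field count per cert type (field order as in OpenSSH PROTOCOL.certkeys).
KEY_FIELDS = {"ssh-rsa-cert-v01@openssh.com": 2, "ssh-ed25519-cert-v01@openssh.com": 1}

def read_string(buf, off):
    """Read one SSH wire string (uint32 length + bytes); return (value, next offset)."""
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated certificate blob")
    return buf[off + 4:off + 4 + n], off + 4 + n

def fingerprint(blob):
    """SHA256 fingerprint of a public key blob, in the SHA256:<base64> form."""
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")

def signing_ca_blob(cert_line):
    """Return the CA public key blob ('signature key') embedded in a -cert.pub line."""
    blob = base64.b64decode(cert_line.split()[1])
    ktype, off = read_string(blob, 0)
    # Skip: nonce + key fields | serial u64, type u32 | key id, principals |
    # valid after/before u64 | critical options, extensions, reserved.
    for strings, fixed in ((1 + KEY_FIELDS[ktype.decode()], 12), (2, 16), (3, 0)):
        for _ in range(strings):
            _, off = read_string(blob, off)
        off += fixed
    return read_string(blob, off)[0]

def matching_ca_entries(cert_line, known_hosts_text):
    """Host patterns of @cert-authority lines whose key equals the cert's signing CA."""
    ca = signing_ca_blob(cert_line)
    hits = []
    for line in known_hosts_text.splitlines():
        f = line.split()
        if len(f) >= 4 and f[0] == "@cert-authority" and base64.b64decode(f[3]) == ca:
            hits.append(f[1])
    return hits

# Constructed sample data: not real keys; the signature is a placeholder and is not verified.
s = lambda b: struct.pack(">I", len(b)) + b
CA_A = s(b"ssh-ed25519") + s(b"\xaa" * 32)   # CA that "signed" the sample certificate
CA_B = s(b"ssh-ed25519") + s(b"\xbb" * 32)   # unrelated CA, for the mismatch case
CERT = "ssh-ed25519-cert-v01@openssh.com " + base64.b64encode(
    s(b"ssh-ed25519-cert-v01@openssh.com") + s(b"\x01" * 32) + s(b"\x02" * 32)
    + struct.pack(">QI", 1, 2) + s(b"host1") + s(s(b"host1.example.org"))
    + struct.pack(">QQ", 0, 2**64 - 1) + s(b"") * 3 + s(CA_A) + s(b"\x00" * 64)).decode()
KNOWN_GOOD = "@cert-authority *.example.org ssh-ed25519 " + base64.b64encode(CA_A).decode()
KNOWN_BAD = "@cert-authority *.example.org ssh-ed25519 " + base64.b64encode(CA_B).decode()
```

An empty result from matching_ca_entries() for a certificate that otherwise passes the type, validity and principal checks corresponds to the mismatch case described in the message.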