[Bug 2305] sshd does not accept @cert-authority when doing host based authentication.

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Sun Nov 16 12:32:52 EST 2014


https://bugzilla.mindrot.org/show_bug.cgi?id=2305

--- Comment #5 from Iain Morgan <imorgan at nas.nasa.gov> ---
No, that block is correct. That is where the search for the
@cert-authority entry occurs. That is how load_hostkeys() gets called,
which does find the @cert-authority entry.

From the sshd -ddd output, the certificate passes the basic tests
(certificate type, validity period, principals) and an applicable CA
entry is found. However, the certificate ends up being rejected. That
could be a mismatch between the key used to sign the certificate and
the entry in the ssh_known_hosts file.

What do you get for the output of ssh-keygen -Lf on your certificate
and does the fingerprint for the signing CA match the fingerprint for
the @cert-authority entry?

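The comparison asked for in the comment above, as an added example (not part of the original message or of OpenSSH): it reads the `Signing CA:` fingerprint from `ssh-keygen -Lf` output and checks it against every `@cert-authority` line of a known_hosts file. The sample key blobs, host patterns and listing are constructed, and the function names are hypothetical.

```python
import base64
import hashlib
import re


def fingerprints(b64_blob):
    """SHA256 (current) and bare MD5 colon-hex (older) fingerprints of a key blob."""
    blob = base64.b64decode(b64_blob)
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    md5 = hashlib.md5(blob).hexdigest()
    return "SHA256:" + sha, ":".join(md5[i:i + 2] for i in range(0, 32, 2))


def signing_ca(listing):
    """Fingerprint from the 'Signing CA:' line of `ssh-keygen -Lf` output."""
    m = re.search(r"^\s*Signing CA:\s+\S+\s+(\S+)", listing, re.M)
    if m is None:
        raise ValueError("no 'Signing CA:' line found")
    fp = m.group(1)
    return fp[4:] if fp.startswith("MD5:") else fp


def matching_ca_lines(listing, known_hosts):
    """(line number, host pattern) of each @cert-authority entry whose key signed the cert."""
    wanted = signing_ca(listing)
    hits = []
    for n, line in enumerate(known_hosts.splitlines(), 1):
        f = line.split()
        if len(f) >= 4 and f[0] == "@cert-authority" and wanted in fingerprints(f[3]):
            hits.append((n, f[1]))
    return hits


def sample_blob(seed):
    # Constructed ed25519-shaped key blob for the sample input; not a real key.
    raw = b"\x00\x00\x00\x0bssh-ed25519\x00\x00\x00\x20" + bytes([seed]) * 32
    return base64.b64encode(raw).decode()


# Constructed sample input: the second CA entry is the one that signed the certificate.
KNOWN_HOSTS = (
    "@cert-authority *.old.example.org ssh-ed25519 " + sample_blob(1) + " old-ca\n"
    "@cert-authority *.example.org ssh-ed25519 " + sample_blob(2) + " host-ca\n"
)
LISTING = ("        Type: ssh-ed25519-cert-v01@openssh.com host certificate\n"
           "        Signing CA: ED25519 " + fingerprints(sample_blob(2))[0] + " (using ssh-ed25519)\n")

if __name__ == "__main__":
    print(matching_ca_lines(LISTING, KNOWN_HOSTS) or "no @cert-authority entry matches the signing CA")
```

An empty result means no `@cert-authority` entry in the file carries the key that signed the certificate, which is the mismatch the comment suspects.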