[Bug 2305] sshd does not accept @cert-authority when doing host based authentication.

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Sun Nov 16 18:17:28 EST 2014


https://bugzilla.mindrot.org/show_bug.cgi?id=2305

--- Comment #6 from Iain Morgan <imorgan at nas.nasa.gov> ---
Looking at the debug output more closely, it looks like the client is
not attempting to use any certificates. The server logs just three
hostbased authentication attempts, and the 'Failed hostbased' messages
all indicate that these were plain keys.

As an aside, it probably isn't a good idea to create certificates for
all the supported key types. In most cases, just one (or perhaps two)
certificates should be sufficient. Since hostbased will try all host
keys and certificates until it succeeds, you could easily exhaust the
allowed number of authentication attempts if the ssh_known_hosts or
shosts.equiv files are misconfigured.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list