[Bug 2436] Add ssh option to present certificates on command line
bugzilla-daemon at bugzilla.mindrot.org
bugzilla-daemon at bugzilla.mindrot.org
Fri Sep 11 17:33:26 AEST 2015
https://bugzilla.mindrot.org/show_bug.cgi?id=2436
--- Comment #4 from Damien Miller <djm at mindrot.org> ---
Created attachment 2700
--> https://bugzilla.mindrot.org/attachment.cgi?id=2700&action=edit
revised patch
Here's a tweaked version of the patch. Changes are:
- add_certificate_file() never used its "dir" argument; remove it and
save some code
- merge load_certificate_files() into load_public_identity_files();
much of the code is shared (especially % expansion)
- if any CertificateFiles have been specified, skip trying to load
key-cert.pub by default. I figure that if users are specifying
certificates themselves then they don't want implicit behaviour to
confuse things.
- log (at debug2 level) which private key is being used for the
certificate and cases where no private key was found for a given
certificate
- Simplify the matching of certificates to private keys in
sign_and_send_pubkey() and use it for all certificates (i.e. both
CertificateFile and implicit *-cert.pub ones).
- Tweak the wording of the manpage a little and mention the interaction
with IdentitiesOnly.
I've left the ssh -z option in there for now. The alternative to an
explicit flag is making users use -oCertificateFile=...
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
More information about the openssh-bugs
mailing list