[Bug 2989] New: Revoking certificates when TrustedUserCAKeys-file contains multiple keys does not work
bugzilla-daemon at bugzilla.mindrot.org
bugzilla-daemon at bugzilla.mindrot.org
Sun Apr 7 02:54:40 AEST 2019
https://bugzilla.mindrot.org/show_bug.cgi?id=2989
Bug ID: 2989
Summary: Revoking certificates when TrustedUserCAKeys-file
contains multiple keys does not work
Product: Portable OpenSSH
Version: 7.9p1
Hardware: amd64
OS: FreeBSD
Status: NEW
Severity: normal
Priority: P5
Component: ssh-keygen
Assignee: unassigned-bugs at mindrot.org
Reporter: peter at pean.org
If you are using multiple different CA-keys for authenticating users
you list them (on per line) in a file and point to it using
TrustedUserCAKeys. So far so good.
Let say I have TrustedUserCAKeys /etc/ssh/user_ca.pub i sshd_config.
But when you then try to revoke a certificate you would naturally use
ssh-keygen -k -s /etc/ssh/user_ca.pub -f revoked.bin revoked, but this
will not work. ssh-keygen will only revoke serials or key ids from the
first CA in /etc/ssh/user_ca.pub
--
You are receiving this mail because:
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list