> Are you, by any chance, mixing up "known_hosts" and "authorized_keys"?

Oops. I quoted the wrong section.  I had meant to quote the section
about the user_certificates.  This is what I meant to cite:

     +A user certificate is an authorization made by the CA that the
     +holder of a specific private key may login to the server as a
     +specific user, without the need of an authorized_keys file being
     +present. The CA gains the power to grant individual users access
     +to the server, and users do no longer need to maintain
     +authorized_keys files of their own.
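Review bot: two grammar fixes in the added paragraph: "may login to the server" should read "may log in to the server" (verb, not noun), and "users do no longer need to maintain" should read "users no longer need to maintain". Optionally, "without the need of an authorized_keys file being present" reads more cleanly as "without an authorized_keys file being present".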

I don't see a problem with the host certificates methodology.  (In
fact I'd love to see the known_hosts files fade away as more hosts
transition to using host certificates.)
