OpenSSH Certkey (PKI)
Andre Oppermann
andre at freebsd.org
Sat Nov 18 00:02:38 EST 2006
Bob Beck wrote:
>
> I would think it would be nice if "CAL" had a way of
> saying "these are the ones to be revoked" so no shutdown, just
> propagate the bad one - but I'm talking to daniel offline about it..
That's easy. echo "ab:cd:ef..." > /etc/ssh/blacklist
Or use a periodic rsync to do that. Every pubkey fingerprint listed in it is
denied access.
--
Andre
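
The blacklist lookup described in the message above, as an added example that is not part of the original post or of the Certkey patch. It assumes the MD5 colon-hex fingerprint form suggested by "ab:cd:ef..." and one fingerprint per line; the function names, the '#' comment handling and both sample keys are constructed for illustration.

```python
import base64
import hashlib
import struct


def fingerprint(pubkey_line):
    """MD5 colon-hex fingerprint of a public key line ('type base64 [comment]')."""
    blob = base64.b64decode(pubkey_line.split()[1])
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))


def load_blacklist(text):
    """Parse blacklist text: one fingerprint per line (assumed format).

    Blank lines and '#' comments are skipped; case is normalised so an
    upper-case entry still matches.
    """
    entries = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip().lower()
        if line:
            entries.add(line)
    return entries


def is_denied(pubkey_line, blacklist):
    """True when the key's fingerprint is listed, i.e. access must be refused."""
    return fingerprint(pubkey_line) in blacklist


def _constructed_key(modulus):
    """Build a well-formed but fake ssh-rsa key line (constructed sample)."""
    def ssh_string(data):
        return struct.pack(">I", len(data)) + data
    blob = ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01") + ssh_string(modulus)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " sample"


REVOKED_KEY = _constructed_key(b"\x00" + b"\xa5" * 128)
GOOD_KEY = _constructed_key(b"\x00" + b"\xc3" * 128)
# Constructed blacklist content, as it might arrive via the periodic rsync.
BLACKLIST = load_blacklist("# revoked keys\n" + fingerprint(REVOKED_KEY).upper() + "\n\n")

if __name__ == "__main__":
    for name, key in (("revoked", REVOKED_KEY), ("good", GOOD_KEY)):
        verdict = "DENY" if is_denied(key, BLACKLIST) else "allow"
        print(name, fingerprint(key), verdict)
```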