OpenSSH and X.509 Certificate Support
Roumen Petrov
openssh at roumenpetrov.info
Sun Mar 16 08:41:05 EST 2008
joviano_dias at persistent.co.in wrote:
> Roumen,
>
> While using Distinguished Names in authorized_keys:
> Is it possible that all clients possessing a valid certificate are
> authenticated, and not just those clients who have certificates containing
> subject lines specified in authorized_keys?
>
> Shouldn't it be sufficient that the client certificate signature is
> checked against the CA certificate on the server, i.e. server
> authenticating without having to perform any sort of specific
> configuration to the server's authorized_keys file.
Sure, if you would like every client with a valid certificate to log in to
every logon account on the server.
> I know the above would be quite possible with wildcards, but is there any
> other way it can be done, that is accepting all Client Certificates signed
> by the CA whose CA certificate is present on the Server?
>
> -Joviano Dias
>
>> [SNIP]
Roumen