ssh certificate usage

Hans Harder postbus111 at
Thu Apr 29 17:46:26 EST 2010

>> The principals now only support user and host (or a list of)
>> Is it possible that the principal can also be used for a user group
> How would you invisage that would work?

Same as the match group in sshd_config

That way I can assign the users to a special group which uses certificates only
In the sshd_config I then can use the match group to deny
kbinteractive and set the AuthorizedKeysFile to null with one line.

Otherwise I will keep on changing the sshd_config and need to add new
certificates in the TrustedUserCAKeys file on all the systems for new
I want to do as less changes to the sshd configuration


More information about the openssh-unix-dev mailing list