ssh certificate usage
postbus111 at gmail.com
Thu Apr 29 17:46:26 EST 2010
>> The principals now only support user and host (or a list of)
>> Is it possible that the principal can also be used for a user group
> How would you invisage that would work?
Same as the match group in sshd_config
That way I can assign the users to a special group which uses certificates only
In the sshd_config I then can use the match group to deny
kbinteractive and set the AuthorizedKeysFile to null with one line.
Otherwise I will keep on changing the sshd_config and need to add new
certificates in the TrustedUserCAKeys file on all the systems for new
I want to do as less changes to the sshd configuration
More information about the openssh-unix-dev