Minor tweak to sshd_config(5)

Damien Miller djm at mindrot.org
Fri Mar 5 10:31:52 EST 2010


On Thu, 4 Mar 2010, Iain Morgan wrote:

> Hi,
>
> There are a few minor tweaks I would like to suggest regrading the
> Trecently added rustedUserCAKeys section in sshd_config(5).
>
>      TrustedUserCAKeys Specifies a file containing public keys of
>      certificate authorities that are trusted sign user certificates
>      for authentication. Keys are listed one per line, empty lines
>      and comments starting with '#' are allowed. If a cer- tificate
>      is presented for authentication and has its signing CA key
>      listed in this file, then it may be used for authentication
>      for any user listed in the certificate's principals list. Note
>      that certificates that lack a list of principals will not be
>      permitted for authentication using TrustedUserCAKeys. For more
>      details in certificates, please see the CERTIFICATES section in
>      ssh-keygen(1).
>
> Replace "trusted sign user" with "trusted to sign user." Also, the
> next sentence should probably be split into two sentences to avoid a
> run-on: "Keys are listed one per line. Empty lines and comments..."
> Lastly, "more details in certificates" should be "more details on
> certificates."

Jason McIntyre (manpage whacker supreme) already found and fixed these :)

-d



More information about the openssh-unix-dev mailing list