CA Signed Public Key User Authentication does not honor ~/.ssh/authorized_keys

Virender Khatri vir.khatri at gmail.com
Thu Sep 26 02:55:27 EST 2013


Greetings,

I am using OpenSSH Signed Public Key authentication for servers ssh login.
All of the servers are setup with below sshd_config options:

TrustedUserCAKeys /etc/ssh/ca.pub # CA Public Keys
RevokedKeys /etc/ssh/revoke.pub # User Public Keys

When i started working on it, for ssh authentication i had to have CA
Public Key in User  ~/.ssh/authorized_keys, like:

cert-authority ssh-rsa <user_key> <user_name>

But, now i am able to login without having CA Public Key in User '
~/.ssh/authorized_keys' file.

Even if i remove '' ~/.ssh/authorized_keys' file from for a user, i am able
to login.

I wanted to know whether it is no longer require or it is a bug.

OpenSSH Version - openssh-6.1p1-8.30.amzn1.x86_64.

-V


More information about the openssh-unix-dev mailing list