Suggestion: Deprecate SSH certificates and move to X.509 certificates

Damien Miller djm at
Fri May 25 14:45:21 AEST 2018

On Fri, 25 May 2018, Yegor Ievlev wrote:

> How can I revoke one SSH certificate without having to replace the
> root certificate and all certificates signed by it?
> Regarding the second statement, do you have sources?

Uber, Facebook, Google, Netflix, Lyft, Square, Asana and others are on
the record as using OpenSSH certificates (within a minute or two of

Some of them have published their own CA clients/servers (inc. Peter).


More information about the openssh-unix-dev mailing list