client host certificates and receiving host configuration

Rory Campbell-Lange rory at
Thu Jun 18 06:51:50 AEST 2020

On 17/06/20, Rory Campbell-Lange (rory at wrote:
> Adding a user certificate to a client forwarded agent allows that client
> to use that certificate to authenticate to servers with
> TrustedUserCAKeys set to the public key used to sign the certificate.
> What would host certificates added to a client forwarded agent give one
> (if any), and what part of the normal set of configuration requirements*
> does it help with?

My apologies -- I'd completely misunderstood the mode of operation of
host certificates.

More information about the openssh-unix-dev mailing list