ssh-agent holds many certs. best way to ensure sshd sees them all besides increasing MaxAuthTries?

Christian, Mark mark.christian at intel.com
Wed Jun 23 05:03:36 AEST 2021


Wondering how I might be able to configure my ssh client or server so
that any one of my ssh certificates may be used for authentication? Are
there better ways to check for more than a couple certificates than by
increasing sshd_config MaxAuthTries? I was thinking ssh -oCertificateFile
could be used but I'm struggling to figure out how
since my ssh-agent is the only place where the certs and private keys
are located.

Each certificate may have a different principal, policy or validity,
hence the multiple certificates.

The contents of my ssh-agent:
256 SHA256:Ft0/6CxRrwaPM/3bB0AQd/Vgw5mhT6ptq7Plj/cOYXI user at host (ED25519)
256 SHA256:Ft0/6CxRrwaPM/3bB0AQd/Vgw5mhT6ptq7Plj/cOYXI user at host (ED25519-CERT)
256 SHA256:Fn/259tp65oYC7LFz0RIpvl23S0GGqJbLvOYlj0Z26U user at host (ED25519)
256 SHA256:Fn/259tp65oYC7LFz0RIpvl23S0GGqJbLvOYlj0Z26U user at host (ED25519-CERT)
256 SHA256:thXXEAOnp8Xj+qtl+gDveYXjvy5MEkE9Vm5jos3qusM user at host (ED25519)
256 SHA256:thXXEAOnp8Xj+qtl+gDveYXjvy5MEkE9Vm5jos3qusM user at host (ED25519-CERT)
256 SHA256:e8Fag5D2xPFzYbqVBuctLxJ9mB2IkYO137kNo42WAs8 user at host (ED25519)
256 SHA256:e8Fag5D2xPFzYbqVBuctLxJ9mB2IkYO137kNo42WAs8 user at host (ED25519-CERT)
256 SHA256:uQQXF0hk67bGu3FVhnhxTxE+A1fGogiVt9rawTfQ+G4 user at host (ED25519)
256 SHA256:uQQXF0hk67bGu3FVhnhxTxE+A1fGogiVt9rawTfQ+G4 user at host (ED25519-CERT)

Any ideas?

Thank you, and thank you for your valuable work.
Mark Christian
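
An added example, not part of the original message or of OpenSSH: one way to pick, from the certificates an agent holds, only those that name a wanted principal and are currently valid, so that a single certificate is offered instead of every agent identity. It parses the ED25519 certificate layout from PROTOCOL.certkeys as printed by `ssh-add -L`; the script name, `sample_line` and its constructed values are assumptions for illustration.

```python
import base64, struct, sys, time

ED25519_CERT = "ssh-ed25519-cert-v01@openssh.com"

def _string(buf, off):
    """Read one SSH wire string (uint32 length + bytes) starting at off."""
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated certificate blob")
    return buf[off + 4:off + 4 + n], off + 4 + n

def parse_cert_line(line):
    """(principals, valid_after, valid_before) for one `ssh-add -L` line,
    or None if the line is not an ED25519 user certificate."""
    fields = line.split()
    if len(fields) < 2 or fields[0] != ED25519_CERT:
        return None
    blob, off = base64.b64decode(fields[1]), 0
    for _ in range(3):                       # type name, nonce, public key
        _, off = _string(blob, off)
    _serial, cert_type = struct.unpack_from(">QI", blob, off)
    _key_id, off = _string(blob, off + 12)   # skip uint64 serial + uint32 type
    packed, off = _string(blob, off)         # principals, packed as strings
    after, before = struct.unpack_from(">QQ", blob, off)
    principals, p = [], 0
    while p < len(packed):
        name, p = _string(packed, p)
        principals.append(name.decode())
    return (principals, after, before) if cert_type == 1 else None  # 1 = user

def select_certs(lines, principal, now=None):
    """Agent certificate lines that name `principal` and are valid at `now`."""
    now = int(time.time()) if now is None else now
    parsed = [(l.strip(), parse_cert_line(l)) for l in lines]
    return [l for l, c in parsed if c and principal in c[0] and c[1] <= now < c[2]]

def sample_line(principals, after, before):
    """Constructed, unsigned sample line (fields up to valid_before only)."""
    s = lambda b: struct.pack(">I", len(b)) + b
    blob = (s(ED25519_CERT.encode()) + s(b"n" * 32) + s(b"k" * 32)
            + struct.pack(">QI", 1, 1) + s(b"demo-key-id")
            + s(b"".join(s(p.encode()) for p in principals))
            + struct.pack(">QQ", after, before))
    return f"{ED25519_CERT} {base64.b64encode(blob).decode()} user@host"

if __name__ == "__main__":   # usage: ssh-add -L | python3 pick_cert.py PRINCIPAL
    print("\n".join(select_certs(sys.stdin, sys.argv[1])))
```

The selected line can be saved to a file and passed with `-o CertificateFile=<file> -o IdentitiesOnly=yes`; ssh_config(5) documents that the private key for a CertificateFile may be supplied via ssh-agent.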


More information about the openssh-unix-dev mailing list