ssh-agent holds many certs. best way to ensure sshd sees them all besides increasing MaxAuthTries?
Michael Ströder
michael at stroeder.com
Wed Jun 23 05:40:43 AEST 2021
On 6/22/21 9:03 PM, Christian, Mark wrote:
> Wondering how I might be able to configure my ssh client or server so
> that any one of my ssh certificates may be used for authentication? Are
> there better ways to check for more than a couple certificates than by
> increasing sshd_config MaxAuthTries?

Maybe others correct me.

But this problem is exactly the reason why my SSH-CA client uses ssh-add -D
before loading a new cert to the key agent.

If those are really different certs issued for different principal names
you might want to work with multiple ssh-agent processes.

Ciao, Michael.
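
The two suggestions in the reply above (flush the agent before loading a cert, and run one ssh-agent per principal), as an added example that is not part of the original post or of any SSH-CA client. The function names, the socket directory layout and the key paths are assumptions made for illustration; `ssh-agent -a`, `ssh-add -D`, `ssh-add -l` and the `IdentityAgent` ssh_config keyword are standard OpenSSH.

```shell
#!/bin/sh
# Added example: one ssh-agent per certificate principal, so each connection
# offers a single certificate and stays well under sshd's MaxAuthTries.
# Assumed (hypothetical) layout: one socket per principal under AGENT_DIR.
AGENT_DIR="${AGENT_DIR:-${HOME}/.ssh/agents}"

# Print the socket path for a principal. Names are restricted so that a
# principal string can never point outside AGENT_DIR.
agent_sock() {
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*|.*)
            echo "invalid principal name: $1" >&2
            return 1 ;;
    esac
    printf '%s/%s.sock\n' "$AGENT_DIR" "$1"
}

# Start (or reuse) the agent for a principal, flush it, then load one key.
# ssh-add also loads <key>-cert.pub when it sits next to the private key.
load_cert() {
    principal=$1
    key=$2
    sock=$(agent_sock "$principal") || return 1
    mkdir -p "$AGENT_DIR" && chmod 700 "$AGENT_DIR" || return 1
    rc=0
    SSH_AUTH_SOCK=$sock ssh-add -l >/dev/null 2>&1 || rc=$?
    if [ "$rc" -eq 2 ]; then            # 2 = no agent answering on this socket
        rm -f "$sock"
        ssh-agent -a "$sock" >/dev/null || return 1
    fi
    # Drop whatever was loaded before, so an expired or older cert is not
    # offered ahead of the new one.
    SSH_AUTH_SOCK=$sock ssh-add -D >/dev/null 2>&1 || true
    SSH_AUTH_SOCK=$sock ssh-add "$key"
}

# Emit an ssh_config stanza binding a host pattern to that principal's agent.
config_stanza() {
    sock=$(agent_sock "$2") || return 1
    printf 'Host %s\n    IdentityAgent %s\n' "$1" "$sock"
}
```

After sourcing the file, `load_cert prod-admin ~/.ssh/id_prod` (a constructed principal and path) loads the cert, and the output of `config_stanza '*.prod.example.com' prod-admin` can be appended to `~/.ssh/config`.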