AuthenticationMethods for ssh certificate
Peter Moody
mindrot at hda3.com
Thu Feb 4 05:22:48 AEDT 2021
On Wed, Feb 3, 2021 at 4:32 AM Wim S <wimsharing at gmail.com> wrote:
> I don't seem to find a way to specify that one of the pubkey in
> AuthenticationMethods pubkey,pubkey should be a valid ssh certificate.
>
> Is there maybe any other way to enforce this ?
It looks like there are a number of ways you can do this:
1. You can set TrustedUserCAKeys to a valid CA pubkey file and set
AuthorizedKeysFile to something like /etc/ssh/empty
2. You can set PubkeyAcceptedKeyTypes to a cert type.
I think both of these will work either globally or in a Match block.
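The two options from the reply above, written out as an sshd_config fragment. This is an added example, not part of the original message; the group name certusers and the CA file path /etc/ssh/user_ca.pub are assumptions. Either option restricts every publickey step in its scope to CA-signed certificates, not just one of the two.

```conf
# Added example (not from the original thread).
# Assumed names: group "certusers", CA public key at /etc/ssh/user_ca.pub.
# The method name in AuthenticationMethods is "publickey".

# Option 1: trust only the user CA and give sshd no plain keys to match.
# /etc/ssh/empty is an empty, root-owned file; "AuthorizedKeysFile none"
# has the same effect. Without AuthorizedPrincipalsFile, the certificate
# must list the login name among its principals.
Match Group certusers
    AuthenticationMethods publickey,publickey
    TrustedUserCAKeys /etc/ssh/user_ca.pub
    AuthorizedKeysFile /etc/ssh/empty

# Option 2 (alternative to option 1, shown commented out): accept only
# certificate key types. A certificate still has to be trusted through
# TrustedUserCAKeys or a cert-authority line in authorized_keys.
# OpenSSH 8.5 and later name this keyword PubkeyAcceptedAlgorithms and
# keep PubkeyAcceptedKeyTypes as an alias.
#Match Group certusers
#    AuthenticationMethods publickey,publickey
#    TrustedUserCAKeys /etc/ssh/user_ca.pub
#    PubkeyAcceptedKeyTypes ssh-ed25519-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com
```

Running sshd -t -f against the edited file checks the syntax before the daemon is reloaded.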
More information about the openssh-unix-dev mailing list