[prev in list] [next in list] [prev in thread] [next in thread]
List: openssh-bugs
Subject: [Bug 2989] New: Revoking certificates when TrustedUserCAKeys-file contains multiple keys does not wo
From: bugzilla-daemon () bugzilla ! mindrot ! org
Date: 2019-04-06 15:54:52
Message-ID: bug-2989-705 () https ! bugzilla ! mindrot ! org/
[Download RAW message or body]
https://bugzilla.mindrot.org/show_bug.cgi?id=2989
Bug ID: 2989
Summary: Revoking certificates when TrustedUserCAKeys-file
contains multiple keys does not work
Product: Portable OpenSSH
Version: 7.9p1
Hardware: amd64
OS: FreeBSD
Status: NEW
Severity: normal
Priority: P5
Component: ssh-keygen
Assignee: unassigned-bugs@mindrot.org
Reporter: peter@pean.org
If you are using multiple different CA-keys for authenticating users
you list them (on per line) in a file and point to it using
TrustedUserCAKeys. So far so good.
Let say I have TrustedUserCAKeys /etc/ssh/user_ca.pub i sshd_config.
But when you then try to revoke a certificate you would naturally use
ssh-keygen -k -s /etc/ssh/user_ca.pub -f revoked.bin revoked, but this
will not work. ssh-keygen will only revoke serials or key ids from the
first CA in /etc/ssh/user_ca.pub
--
You are receiving this mail because:
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic