[prev in list] [next in list] [prev in thread] [next in thread]
List: openssh-unix-dev
Subject: Re: Multiple Signatures on SSH-Hostkeys
From: Damien Miller <djm () mindrot ! org>
Date: 2019-10-22 8:21:00
Message-ID: alpine.BSO.2.21.1910221920080.4235 () haru ! mindrot ! org
[Download RAW message or body]
On Tue, 22 Oct 2019, Bergner, Jan, A-SCM-CIM-SD wrote:
> > I think the best you could do at present if you want host keys
> > signed by different CA is to choose different types of host key
> > (e.g. ecdsa vs ed25519), get one type signed by one CA and the other
> > by the other CA, and configure the clients to prefer the key type
> > corresponding to the CA that they expect. It's not a great solution,
> > but it would probably work.
> Okay.
> Would I specify that in sshd_config with multiple HostCertificate-
> statements or would I rather have multiple signed keys in one file?
> (One signature each line?)
Multiple HostCertificate statements - OpenSSH doesn't support multiple
host keys in a single file.
Cheers,
Damien
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic