[ssh_x509] published X.509 certificate support v7.6 for openssh 6.3p1

ssh_x509 at roumenpetrov.info ssh_x509 at roumenpetrov.info
Sun Sep 15 14:16:41 EEST 2013


  This has probably been asked before but I can't seem to find any
reference of it in my searches.

  Is there a way to define an authorized_keys that allows any non-revoked
key issued by the CA to authenticate successfully?  In my application I
will issue many more keys than I revoke and updating the authorized_keys
file for every new cert+key generated somewhat defeats the purpose of the
"chain of trust" for me.

  I've tried every combination of hacks, docs, etc that I can find or think
of to no avail.  Other than that I have everything working perfectly; what
a great project!


Kristian Kielhofner

More information about the ssh_x509 mailing list