[ssh_x509] PKIX-SSH question

ssh_x509 at roumenpetrov.info ssh_x509 at roumenpetrov.info
Mon Jun 21 11:33:48 EEST 2021


I have been trying to figure out how to have an SSH host validate a user's
certificate against a trusted CA. I have managed to make the certificate
authentication work by adding the user's certificate (signed by the CA) to
the authorized_keys file on the host machine. However, I would like to make
this authentication work without needing to add the user's key to the
authorized_keys file. In other words, I would like the host to authenticate
the user's certificate by verifying the certificate chain. Is there a way
to enable such x509 certificate authentication? If it is possible, could
you please detail the different steps needed to achieve this or provide a
link to an example?

Thank you,

Olivier Levasseur


