https://bugzilla.mindrot.org/show_bug.cgi?id=2305
--- Comment #5 from Iain Morgan <[email protected]> --- No, that block is correct. That is where the search for the @cert-authority entry occurs.That is how load_hostkeys() gets called, which does find the @cert-authority entry. >From the sshd -ddd output, the certificate passes the basic tests (certificate type, validity period, principals) and an applicable CA entry is found. However, the certificate ends up being rejected. That could be a mismatch between the key used to sign the certificate and the entry in the ssh_known_hosts file. What do you get for the output of ssh-keygen -Lf on your certificate and does the fingerprint for the signing CA match the fingerprint for the @cert-authority entry? -- You are receiving this mail because: You are watching the assignee of the bug. _______________________________________________ openssh-bugs mailing list [email protected] https://lists.mindrot.org/mailman/listinfo/openssh-bugs
