[Bug 2989] New: Revoking certificates when TrustedUserCAKeys-file contains multiple keys does not work

bugzilla-daemon Sat, 06 Apr 2019 08:55:41 -0700

https://bugzilla.mindrot.org/show_bug.cgi?id=2989


            Bug ID: 2989
           Summary: Revoking certificates when TrustedUserCAKeys-file
                    contains multiple keys does not work
           Product: Portable OpenSSH
           Version: 7.9p1
          Hardware: amd64
                OS: FreeBSD
            Status: NEW
          Severity: normal
          Priority: P5
         Component: ssh-keygen
          Assignee: [email protected]
          Reporter: [email protected]

If you are using multiple different CA-keys for authenticating users
you list them (on per line) in a file and point to it using
TrustedUserCAKeys. So far so good.

Let say I have TrustedUserCAKeys /etc/ssh/user_ca.pub i sshd_config.

But when you then try to revoke a certificate you would naturally use
ssh-keygen -k -s /etc/ssh/user_ca.pub -f revoked.bin revoked, but this
will not work. ssh-keygen will only revoke serials or key ids from the
first CA in /etc/ssh/user_ca.pub

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
[email protected]
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

[Bug 2989] New: Revoking certificates when TrustedUserCAKeys-file contains multiple keys does not work

Reply via email to