https://bugzilla.mindrot.org/show_bug.cgi?id=2989
Bug ID: 2989
Summary: Revoking certificates when TrustedUserCAKeys-file contains multiple keys does not work
Product: Portable OpenSSH
Version: 7.9p1
Hardware: amd64
OS: FreeBSD
Status: NEW
Severity: normal
Priority: P5
Component: ssh-keygen
Assignee: unassigned-b...@mindrot.org
Reporter: pe...@pean.org

If you are using multiple different CA-keys for authenticating users you list them (one per line) in a file and point to it using TrustedUserCAKeys. So far so good.

Let's say I have TrustedUserCAKeys /etc/ssh/user_ca.pub in sshd_config.

But when you then try to revoke a certificate you would naturally use ssh-keygen -k -s /etc/ssh/user_ca.pub -f revoked.bin revoked, but this will not work. ssh-keygen will only revoke serials or key ids from the first CA in /etc/ssh/user_ca.pub.
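An added example, not part of the original report or of OpenSSH: one way to cover every CA in such a file is to split it into one file per key and run ssh-keygen once per CA, using -u on later passes to add to the KRL. The function names and the ca_N.pub file naming are assumptions made for this sketch.

```shell
#!/bin/sh
# split_ca_keys FILE OUTDIR
# Writes each key line of a TrustedUserCAKeys-style file to OUTDIR/ca_N.pub,
# skipping blank lines and '#' comments, and prints the number of keys found.
split_ca_keys() {
    src=$1; out=$2; n=0
    mkdir -p "$out" || return 1
    while IFS= read -r line || [ -n "$line" ]; do
        # Strip leading whitespace before classifying the line.
        trimmed=${line#"${line%%[![:space:]]*}"}
        case $trimmed in
            ''|'#'*) continue ;;
        esac
        n=$((n + 1))
        printf '%s\n' "$trimmed" > "$out/ca_$n.pub"
    done < "$src"
    echo "$n"
}

# build_krl CA_FILE KRL_OUT SPEC_FILE
# Applies the same KRL specification once per CA key. The first pass creates
# the KRL (as the command in the report does); later passes use -u to update it.
build_krl() {
    ca_file=$1; krl=$2; spec=$3
    tmp=$(mktemp -d) || return 1
    count=$(split_ca_keys "$ca_file" "$tmp") || { rm -rf "$tmp"; return 1; }
    if [ "$count" -eq 0 ]; then
        echo "no CA keys found in $ca_file" >&2
        rm -rf "$tmp"; return 1
    fi
    i=1; update=
    while [ "$i" -le "$count" ]; do
        # $update is deliberately unquoted: empty on the first pass, -u after.
        ssh-keygen -k $update -s "$tmp/ca_$i.pub" -f "$krl" "$spec" \
            || { rm -rf "$tmp"; return 1; }
        update=-u
        i=$((i + 1))
    done
    rm -rf "$tmp"
}

# Usage with the paths from the report:
#   build_krl /etc/ssh/user_ca.pub revoked.bin revoked
```

Because the same specification is applied under each CA, a serial or key id listed in it ends up revoked for every CA in the file.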