
Bug#794568: OpenSSH server does not recognize principals option in authorized_keys file



Package: openssh-server
Version: 6.7p1-5 (Debian 8)
Kernel : 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt11-1 (2015-05-24)
         x86_64 GNU/Linux


Using the options

AuthorizedPrincipalsFile /etc/ssh/authorized_principals
TrustedUserCAKeys /etc/ssh/UGCA_ssh.pub

in /etc/ssh/sshd_config, a system-wide certificate based login with
certificates (signed by the given CA) matching given principals in
/etc/ssh/authorized_principals is possible.

Disabling these options and using a user-based configuration in
$HOME/.ssh/authorized_keys does not work. The authorized_keys file looks
like

cert-authority,principals=MYPRINCIPAL ssh-ed25519 AAAAC3NzaC1lZDI1NT.....

The ssh server says:

Bad options in /root/.ssh/authorized_keys file, line 1:
principals=MYPRINCIPAL ssh-ed25519 AAAAC3NzaC1lZDI1NT

The syntax of the file authorized_keys seems to be invalid, but this
should be the syntax specified in man 8 sshd (section AUTHORIZED_KEYS
FILE FORMAT).

Best regards,
Gordon
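
sshd(8) writes this option as principals="principals", with the list in double quotes. The checker below is an added example, not part of the original report or of OpenSSH: it splits the options field of an authorized_keys line the way the format requires (commas and spaces inside quotes do not separate) and flags value-taking options written without quotes. The function names and the option list are assumptions of this example.

```python
# Added example; names and option list are this example's own assumptions.
# Options that sshd(8) documents with a double-quoted value.
QUOTED_VALUE_OPTIONS = {"command", "environment", "from",
                        "permitopen", "principals", "tunnel"}
KEY_TYPE_PREFIXES = ("ssh-", "ecdsa-sha2-", "sk-")


def split_unquoted(text, seps):
    """Split text on any character in seps that lies outside double quotes."""
    parts, cur, in_quote, i = [], [], False, 0
    while i < len(text):
        ch = text[i]
        if in_quote and ch == "\\" and text[i + 1:i + 2] == '"':
            cur.append('\\"')  # escaped quote stays inside the value
            i += 2
            continue
        if ch == '"':
            in_quote = not in_quote
        if ch in seps and not in_quote:
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    parts.append("".join(cur))
    return parts


def lint_line(line):
    """Return problems found in the options field of one authorized_keys line."""
    line = line.strip()
    if not line or line.startswith("#"):
        return []
    field = split_unquoted(line, " \t")[0]
    if field.startswith(KEY_TYPE_PREFIXES):
        return []  # line begins with the key type, so it has no options
    problems = []
    for opt in split_unquoted(field, ","):
        name, eq, value = opt.partition("=")
        quoted = len(value) >= 2 and value[0] == '"' and value[-1] == '"'
        if name.lower() in QUOTED_VALUE_OPTIONS and not (eq and quoted):
            problems.append(f"{name}: value must be in double quotes")
    return problems


# The line from the report (key blob truncated as posted) and a quoted variant.
REPORTED = "cert-authority,principals=MYPRINCIPAL ssh-ed25519 AAAAC3NzaC1lZDI1NT....."
QUOTED = 'cert-authority,principals="MYPRINCIPAL" ssh-ed25519 AAAAC3NzaC1lZDI1NT.....'

if __name__ == "__main__":
    for sample in (REPORTED, QUOTED):
        print(lint_line(sample) or "ok")
```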

