Bug#794568: OpenSSH server does not recognize principals option in authorized_keys file
Package: openssh-server
Version: 6.7p1-5 (Debian 8)
Kernel : 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt11-1 (2015-05-24)
x86_64 GNU/Linux
Using the options
    AuthorizedPrincipalsFile /etc/ssh/authorized_principals
    TrustedUserCAKeys /etc/ssh/UGCA_ssh.pub
in /etc/ssh/sshd_config, a system-wide certificate based login with
certificates (signed by the given CA) matching given principals in
/etc/ssh/authorized_principals is possible.
Disabling these options and using a user-based configuration in
$HOME/.ssh/authorized_keys does not work. The authorized_keys file looks
like
    cert-authority,principals=MYPRINCIPAL ssh-ed25519 AAAAC3NzaC1lZDI1NT.....
The ssh server says:
    Bad options in /root/.ssh/authorized_keys file, line 1:
    principals=MYPRINCIPAL ssh-ed25519 AAAAC3NzaC1lZDI1NT
The syntax of the file authorized_keys seems to be invalid, but this
should be the syntax specified in man 8 sshd (section AUTHORIZED_KEYS
FILE FORMAT).
Best regards,
Gordon
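
Added example, not part of the original report and not OpenSSH code: sshd(8) writes value-bearing authorized_keys options with the value in double quotes (for example principals="..."), and this checker flags options whose value is not quoted. The option lists are a subset taken from the man page, and the names split_options and lint_line are made up here.

```python
import re

# Option names from sshd(8), AUTHORIZED_KEYS FILE FORMAT (subset; assumption:
# newer releases document more options than are listed here).
FLAG_OPTS = {"cert-authority", "no-agent-forwarding", "no-port-forwarding",
             "no-pty", "no-user-rc", "no-x11-forwarding"}
VALUE_OPTS = {"command", "environment", "from", "permitopen", "principals", "tunnel"}
KEYTYPE = re.compile(r"^(ssh-|ecdsa-)")

def split_options(line):
    """Return the option strings that precede the key type, honouring quotes."""
    if KEYTYPE.match(line):
        return []                        # line starts with a key type: no options
    opts, cur, quoted, i = [], "", False, 0
    while i < len(line):
        ch = line[i]
        if quoted and line[i:i + 2] == '\\"':
            cur, i = cur + '\\"', i + 2  # escaped quote inside a quoted value
            continue
        if not quoted and ch in " \t":
            break                        # unquoted whitespace ends the options field
        if not quoted and ch == ",":
            opts.append(cur)             # unquoted comma separates two options
            cur, i = "", i + 1
            continue
        if ch == '"':
            quoted = not quoted
        cur, i = cur + ch, i + 1
    opts.append(cur)
    return opts

def lint_line(line):
    """Return a list of problems found in one authorized_keys line."""
    problems = []
    for opt in split_options(line.strip()):
        name, sep, value = opt.partition("=")
        if name.lower() in FLAG_OPTS and not sep:
            continue
        if name.lower() in VALUE_OPTS and sep:
            if len(value) < 2 or value[0] != '"' or value[-1] != '"':
                problems.append(f'{name}: value must be in double quotes, e.g. {name}="..."')
            continue
        problems.append(f"{opt}: not an option this checker knows")
    return problems

if __name__ == "__main__":
    # Constructed sample lines; the key blob is a placeholder, not a real key.
    for sample in ('cert-authority,principals=MYPRINCIPAL ssh-ed25519 AAAAPLACEHOLDER',
                   'cert-authority,principals="MYPRINCIPAL" ssh-ed25519 AAAAPLACEHOLDER'):
        print(sample, "->", lint_line(sample) or "ok")
```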