OpenSSH 5.4 was released on 2010-03-08, and that is when the project added support for certificate authentication of users and hosts using an OpenSSH certificate format (not X.509).

Why am I telling you this? Because I wanted to find out since when exactly I have been putting off actually experimenting with SSH certificates, and I can now with certainty say that as far as this topic is concerned I've been an idiot over the last 16 years!

sshd-session[4063]: error: Certificate invalid: expired

Really good!

sshd-session[4077]: error: Certificate invalid: name is not a listed principal

and if need be (I'm just verifying it actually works) we can sign SSH certificates with #Ansible

@jpmens great but.... I kinda feel like why invent yet another new cert format when you could've just used attribute extensions in X.509?

@hyc simplicity, ease of use, easy to handle and copy/paste?

here's a certificate