Dieser Inhalt ist in der von Ihnen ausgewählten Sprache nicht verfügbar.

14.3.8. Revoking an SSH CA Certificate

If a certificate is stolen, it should be revoked. Although OpenSSH does not provide a mechanism to distribute the revocation list it is still easier to create the revocation list and distribute it by other means then to change the CA keys and all host and user certificates previously created and distributed.

Keys can be revoked by adding them to the revoked_keys file and specifying the file name in the sshd_config file as follows:

RevokedKeys /etc/ssh/revoked_keys

Note that if this file is not readable, then public key authentication will be refused for all users.

To test if a key has been revoked, query the revocation list for the presence of the key. Use a command as follows:

ssh-keygen -Qf /etc/ssh/revoked_keys ~/.ssh/id_rsa.pub

A user can revoke a CA certificate by changing the cert-authority directive to revoke in the known_hosts file.

Dieser Inhalt ist in der von Ihnen ausgewählten Sprache nicht verfügbar.

14.3.8. Revoking an SSH CA Certificate

Lernen

Testen, kaufen und verkaufen

Communitys

Über Red Hat Dokumentation

Mehr Inklusion in Open Source

Über Red Hat

Red Hat legal and privacy links

Red Hat legal and privacy links