version 1.298, 2010/03/04 12:51:25 |
version 1.299, 2010/03/04 23:19:29 |
.Xr ssh_config 5 |
.Xr ssh_config 5 |
for more information. |
for more information. |
.Pp |
.Pp |
Host keys may also be presented as certificates signed by a trusted |
|
certification authority (CA). |
|
In this case, trust of the CA key alone is sufficient for the host key |
|
to be accepted. |
|
To specify a public key as a trusted CA key in a known hosts file, |
|
it should be added after a |
|
.Dq @cert-authority |
|
tag and a set of one or more domain-name wildcards separated by commas. |
|
For example: |
|
.Pp |
|
.Dl @cert-authority *.mydomain.org,*.mydomain.com ssh-rsa AAAAB5W... |
|
.Pp |
|
See the |
|
.Sx CERTIFICATES |
|
section of |
|
.Xr ssh-keygen 1 |
|
for more details. |
|
.Pp |
|
Keys may also be marked as revoked using the |
|
.Dq @revoked |
|
marker. |
|
Revoked keys will always trigger a warning when encountered and the host |
|
that presented them will be treated as untrusted. |
|
For example: |
|
.Pp |
|
.Dl @revoked * ssh-rsa AAAAB5W... |
|
.Pp |
|
Revoking a key revokes it for direct use and as a certification authority. |
|
Do not use both the |
|
.Dq @cert-authority |
|
and |
|
.Dq @revoked |
|
markers on the same line. |
|
.Sh SSH-BASED VIRTUAL PRIVATE NETWORKS |
.Sh SSH-BASED VIRTUAL PRIVATE NETWORKS |
.Nm |
.Nm |
contains support for Virtual Private Network (VPN) tunnelling |
contains support for Virtual Private Network (VPN) tunnelling |
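Review bot: The @revoked paragraph says a revoked key "will always trigger a warning" and that the host "will be treated as untrusted", but it never states whether the connection is refused or allowed to continue after the warning. Spell out the outcome, since that is what an administrator relying on revocation needs to know. The text also calls @cert-authority a "tag" and @revoked a "marker", then refers to both as "markers" in the closing sentence; pick one term. The closing sentence "Do not use both ... markers on the same line" would be more useful if it said what happens to such a line. The @cert-authority paragraph describes the pattern field as "domain-name wildcards", which reads narrower than the "*" pattern used in the @revoked example; a cross-reference to the known hosts file format description in sshd(8), next to the existing ".Xr ssh-keygen 1" reference, would let the reader find the full pattern syntax.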