| version 1.298, 2010/03/04 12:51:25 |
version 1.299, 2010/03/04 23:19:29 |
|
|
| .Xr ssh_config 5 |
.Xr ssh_config 5 |
| for more information. |
for more information. |
| .Pp |
.Pp |
| Host keys may also be presented as certificates signed by a trusted |
|
| certification authority (CA). |
|
| In this case, trust of the CA key alone is sufficient for the host key |
|
| to be accepted. |
|
| To specify a public key as a trusted CA key in a known hosts file, |
|
| it should be added after a |
|
| .Dq @cert-authority |
|
| tag and a set of one or more domain-name wildcards separated by commas. |
|
| For example: |
|
| .Pp |
|
| .Dl @cert-authority *.mydomain.org,*.mydomain.com ssh-rsa AAAAB5W... |
|
| .Pp |
|
| See the |
|
| .Sx CERTIFICATES |
|
| section of |
|
| .Xr ssh-keygen 1 |
|
| for more details. |
|
| .Pp |
|
| Keys may also be marked as revoked using the |
|
| .Dq @revoked |
|
| marker. |
|
| Revoked keys will always trigger a warning when encountered and the host |
|
| that presented them will be treated as untrusted. |
|
| For example: |
|
| .Pp |
|
| .Dl @revoked * ssh-rsa AAAAB5W... |
|
| .Pp |
|
| Revoking a key revokes it for direct use and as a certification authority. |
|
| Do not use both the |
|
| .Dq @cert-authority |
|
| and |
|
| .Dq @revoked |
|
| markers on the same line. |
|
| .Sh SSH-BASED VIRTUAL PRIVATE NETWORKS |
.Sh SSH-BASED VIRTUAL PRIVATE NETWORKS |
| .Nm |
.Nm |
| contains support for Virtual Private Network (VPN) tunnelling |
contains support for Virtual Private Network (VPN) tunnelling |
![[BACK]](/icons/back.gif){kind=icon}
Return to ssh.1 CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh