Date: Fri, 17 Nov 2006 14:02:38 +0100
From: Andre Oppermann <andre@freebsd.org>
To: Bob Beck <beck@bofh.cns.ualberta.ca>
Cc: Nick Bender <nbender@gmail.com>, tech@openbsd.org, openssh-unix-dev@mindrot.org, freebsd-current@freebsd.org
Subject: Re: OpenSSH Certkey (PKI)
Message-ID: <455DB2EE.8010804@freebsd.org>
In-Reply-To: <20061116204921.GX26418@bofh.cns.ualberta.ca>
References: <20061115142820.GB14649@insomnia.benzedrine.cx> <bf04f2850611161212t439d5ce4r59a8bb1fa3cf24@mail.gmail.com> <20061116204921.GX26418@bofh.cns.ualberta.ca>

Bob Beck wrote:
>
> I would think it would be nice if "CAL" had a way of
> saying "these are the ones to be revoked" so no shutdown, just
> propagate the bad one - but I'm talking to daniel offline about it..

That's easy.

  echo "ab:cd:ef..." > /etc/ssh/blacklist

Or use a periodic rsync to do that. Every pubkey fingerprint listed in
it is denied access.

--
Andre
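
The blacklist lookup described in the message above, as an added example that is not part of the original e-mail or of the Certkey patch. It assumes fingerprints are the MD5 colon-hex form that "ab:cd:ef..." suggests, one per line, with `#` comments allowed; all function names and the sample keys are constructed for illustration.

```python
import base64
import hashlib
import re
import struct

FP_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){15}$")

def fingerprint_blob(blob: bytes) -> str:
    """MD5 of the raw key blob as colon-separated hex (assumed format)."""
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))

def fingerprint_line(line: str) -> str:
    """Fingerprint a 'type base64 [comment]' public key line."""
    key_type, b64 = line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    # The blob starts with a length-prefixed copy of the key type; check it.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n].decode("ascii", "replace") != key_type:
        raise ValueError("key type does not match key blob")
    return fingerprint_blob(blob)

def load_blacklist(text: str) -> set:
    """Parse one fingerprint per line; '#' comments are an assumption."""
    denied = set()
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip().lower()
        if not entry:
            continue
        # Fail closed: a typo in a deny list must not silently allow a key.
        if not FP_RE.match(entry):
            raise ValueError(f"malformed blacklist entry: {raw!r}")
        denied.add(entry)
    return denied

def is_denied(pubkey_line: str, denied: set) -> bool:
    return fingerprint_line(pubkey_line) in denied

def constructed_key(seed: bytes, comment: str) -> str:
    """Build a syntactically valid but fake ssh-rsa line (constructed sample)."""
    def ssh_string(b): return struct.pack(">I", len(b)) + b
    modulus = b"\x00" + hashlib.sha256(seed).digest() * 4
    blob = ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01") + ssh_string(modulus)
    return f"ssh-rsa {base64.b64encode(blob).decode()} {comment}"

REVOKED = constructed_key(b"laptop-lost", "alice@laptop")
ACTIVE = constructed_key(b"workstation", "alice@desk")
BLACKLIST = load_blacklist(f"# constructed sample\n{fingerprint_line(REVOKED).upper()}\n")
```

Entries are normalised to lower case before comparison, and a line that is not a complete fingerprint raises an error instead of being skipped, so a damaged file pushed out by a periodic sync is noticed rather than quietly re-admitting a revoked key.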