Is your feature request related to a problem? Please describe.
As far as I can tell, it doesn't appear that opnsense provides the ability to use custom SSH keys that are signed with SSH certificates. (see here on SSH certificates)
Specifically, I would like to be able to add something like this to the sshd_config (and also remove the existing HostKey entries):
Describe the solution you like
What would be really nice is some way to change or hook into the sshd_config before it is written. I'm not familiar enough with opnsense to know if/how this problem is solved with other configuration files, but, ideally, it would be consistent with that method.
Describe alternatives you considered
Another possibility would be to put the keys and certificates in `/conf/ssh/` and assume a specific format (i.e. `*-cert.pub` for certificates) and automatically add the `HostCertificate` line if that file exists in `/conf/ssh/`. This doesn't solve the problem of removing unwanted `HostKey` entries (as removed keys appear to be automatically regenerated) or adding `TrustedUserCAKeys`.
Additional context
I'm happy to contribute, but I would like input on a good solution before doing anything.
Thanks!
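The alternative described in the issue above (scan the key directory and add `HostCertificate` when a `*-cert.pub` file exists), as an added example that is not OPNsense code and not part of the original issue. The `ssh_host_<type>_key` naming and the `trusted_user_ca_keys.pub` file name are assumptions, and the sample files are constructed placeholders.

```shell
#!/bin/sh
# Added example. Assumed (hypothetical) layout, after the issue's "*-cert.pub" idea:
#   <dir>/ssh_host_<type>_key           private host key
#   <dir>/ssh_host_<type>_key-cert.pub  certificate for that key
#   <dir>/trusted_user_ca_keys.pub      user CA keys (file name is an assumption)

# Succeeds if the file's first field is an OpenSSH certificate key type.
is_ssh_cert() {
    keytype=""
    read -r keytype _rest < "$1" || [ -n "$keytype" ] || return 1
    case "$keytype" in
        *-cert-v01@openssh.com) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the sshd_config lines for every host key that has a usable certificate.
emit_sshd_cert_config() {
    dir=$1
    for key in "$dir"/ssh_host_*_key; do
        [ -f "$key" ] || continue
        cert="$key-cert.pub"
        [ -f "$cert" ] || continue          # no certificate: leave this key alone
        if is_ssh_cert "$cert"; then
            # sshd needs the matching private key listed via HostKey.
            printf 'HostKey %s\nHostCertificate %s\n' "$key" "$cert"
        else
            printf 'warning: %s is not a certificate, skipped\n' "$cert" >&2
        fi
    done
    ca="$dir/trusted_user_ca_keys.pub"
    [ -s "$ca" ] && printf 'TrustedUserCAKeys %s\n' "$ca"
    return 0
}

# Constructed sample directory: placeholder contents, not real key material.
make_sample_dir() {
    d=$(mktemp -d "${TMPDIR:-/tmp}/sshcert.XXXXXX") || return 1
    for t in ecdsa ed25519 rsa; do echo "placeholder" > "$d/ssh_host_${t}_key"; done
    echo "ssh-ed25519-cert-v01@openssh.com AAAAconstructed host" > "$d/ssh_host_ed25519_key-cert.pub"
    echo "ssh-rsa AAAAconstructed host" > "$d/ssh_host_rsa_key-cert.pub"
    echo "ssh-ed25519 AAAAconstructed user-ca" > "$d/trusted_user_ca_keys.pub"
    echo "$d"
}

sample=$(make_sample_dir)
emit_sshd_cert_config "$sample"
rm -rf "$sample"
```

The type-string check only rejects files that are plainly not certificates; it does not verify the CA signature, principals or validity period.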
TrustedUserCAKeys support is likely the easier part, HostCertificate a bit harder, HostKey removal not really in the scope here as while it's unnecessary for this setup type it's also unnecessary to tackle it in this scope to begin with as it doesn't interfere.
All of this should go to the GUI as we don't support pluggable SSH server configuration.