Need clarity on credentialz.proto host certificate rotation #91
Comments
|
Are you proposing that we add to the ServerKeysRequest a key-type, like: (perhaps just require this enum actually) gnsi/credentialz/credentialz.proto Line 628 in a430960 in order to tell what form key is being sent? |
|
I don't think we need this change anymore. I created this during the initial phase of the implementation for handling the ServerKeysRequest. Identified that SSHD config's 'HostCertificate' parameter just needs to point to a file path where the certificate is stored. So it wouldn't matter to know what the key type is for this case. |
|
sounds ok to me. |
The ServerKeysRequest message has auth_artifacts that holds a field for 'certificate'. But there are no fields to know the type of certificate. So while writing this new certificate to the file system, how do we establish the file name ? whether it should be /etc/ssh/ssh_host_rsa_key-cert.pub or /etc/ssh/ssh_host_ecdsa-cert.pub?
Is the RPC handler supposed to parse the certificate as in ssh-keygen -L -f and determine the type and do this?
The text was updated successfully, but these errors were encountered: