https://bugzilla.mindrot.org/show_bug.cgi?id=3577
xspielinbox+mind...@protonmail.com changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|CASignatureAlgorithms |CASignatureAlgorithms |supports -cert alogrithms |supports -cert algorithms | |when used alongside with | |other options --- Comment #1 from xspielinbox+mind...@protonmail.com --- To clarify: When only configuring one of the -cert algorithms with CASignatureAlgorithms, one gets an error, that the configuration is invalid, but when adding them alongside some other algorithm, they are supported. However, when signing a user certificate with an CA, ssh-keygen -L will always list the non -cert (the "normal" variant so to speak) as the algorithm behing "using" in the Signing CA. So e.g. for a ed25519 CA: Signing CA: ED25519 SHA256:bfV6O1tWNL+L/rLib4dDFPn5eydAAhyyHUb5hz7yVjA (using ssh-ed25519) I would not know how to get something that would then have: Signing CA: ED25519 SHA256:bfV6O1tWNL+L/rLib4dDFPn5eydAAhyyHUb5hz7yVjA (using ssh-ed25519-cert) As this algorithm in my understanding is the one -- You are receiving this mail because: You are watching the assignee of the bug. _______________________________________________ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs