sshj
Add support for several SSH -cert*.pub files
Hi! We are struggling with handling several public cert files for the different certificate authorities we are using. At the moment we have implemented the Pritunl-zero open-source solution to grant SSH access for users with different CA authorities. The issue is that pritunl generates a -cert-XX.pub file for each configured CA and writes it to the user's ~/.ssh/ directory after the user refreshes access. If you use ssh, it works perfectly and you don't need to do anything with these files, but if we try to get it to work in IntelliJ IDEs, it won't grab all the certificates and uses only the -cert.pub file. So we need to generate new files, choose the correct one, rename it and write it into the ~/.ssh/config file to get it to work. For example:
$ ls -la ~/.ssh/
-rw------- 1 user user 492 сер 19 14:53 id_ecdsa
-rw------- 1 user user 2007 сер 23 11:34 id_ecdsa-cert00.pub
-rw------- 1 user user 2007 сер 23 11:34 id_ecdsa-cert01.pub
Where id_ecdsa-cert00.pub -> is one CA authority
and id_ecdsa-cert01.pub -> another CA authority
This config works in an ssh terminal connection, but doesn't work in the IntelliJ SSH configuration with "Parse config file ~/.ssh/config" enabled:
$ cat ~/.ssh/config
host example.com
hostname example.com
port 22
user dummyuser
IdentityFile ~/.ssh/id_ecdsa
# pritunl-zero
CertificateFile ~/.ssh/id_ecdsa-cert00.pub
# pritunl-zero
CertificateFile ~/.ssh/id_ecdsa-cert01.pub
If I rename the correct cert file for the authority for this example.com domain to id_ecdsa-cert.pub, it works, but this manipulation has to be done every time you refresh the short-lived certificates. Thanks in advance!
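
The "choose the correct one" step described in the report can be scripted by reading each certificate's signing-CA fingerprint and validity window. The following is an added example, not part of the original report or of sshj; it follows the OpenSSH certificate layout, goes beyond the ECDSA files shown above by also covering RSA and Ed25519 certificates, and `parse_cert`, `pick_cert` and `make_sample` are hypothetical helper names (`make_sample` only builds constructed, unsigned test input).

```python
import base64, hashlib, struct

SUFFIX = "-cert-v01@openssh.com"
# Key-specific string fields between the nonce and the serial, per base key type.
KEY_FIELDS = {"ssh-rsa": 2, "ssh-ed25519": 1, "ecdsa-sha2-nistp256": 2,
              "ecdsa-sha2-nistp384": 2, "ecdsa-sha2-nistp521": 2}

def _string(buf, off):
    """Read one SSH wire-format string (uint32 length, then that many bytes)."""
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated certificate")
    return buf[off + 4:off + 4 + n], off + 4 + n

def parse_cert(line):
    """Key id, validity window and signing-CA fingerprint of one -cert*.pub line."""
    ktype, b64 = line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    inner, off = _string(blob, 0)
    base = ktype[:-len(SUFFIX)]
    if inner.decode() != ktype or not ktype.endswith(SUFFIX) or base not in KEY_FIELDS:
        raise ValueError("not a supported OpenSSH certificate")
    for _ in range(1 + KEY_FIELDS[base]):   # nonce, then the public key fields
        _, off = _string(blob, off)
    off += 12                               # uint64 serial + uint32 cert type
    key_id, off = _string(blob, off)
    _, off = _string(blob, off)             # valid principals
    after, before = struct.unpack_from(">QQ", blob, off)
    off += 16
    for _ in range(3):                      # critical options, extensions, reserved
        _, off = _string(blob, off)
    ca_key, _ = _string(blob, off)          # "signature key" field = CA public key
    fp = base64.b64encode(hashlib.sha256(ca_key).digest()).decode().rstrip("=")
    return {"key_id": key_id.decode(), "valid_after": after,
            "valid_before": before, "ca": "SHA256:" + fp}

def pick_cert(lines, ca_fp, now):
    """First line signed by the CA with fingerprint ca_fp and valid at `now`."""
    ok = lambda c: c["ca"] == ca_fp and c["valid_after"] <= now < c["valid_before"]
    return next((l for l in lines if ok(parse_cert(l))), None)

def make_sample(key_id, ca_key, after, before):
    """Constructed, unsigned blob with the certificate layout (test input only)."""
    s = lambda b: struct.pack(">I", len(b)) + b
    ktype = "ecdsa-sha2-nistp256" + SUFFIX
    blob = (s(ktype.encode()) + s(b"nonce") + s(b"nistp256") + s(b"\x04" + bytes(64))
            + struct.pack(">QI", 1, 1) + s(key_id.encode()) + s(s(b"dummyuser"))
            + struct.pack(">QQ", after, before) + s(b"") * 3 + s(ca_key) + s(b"sig"))
    return f"{ktype} {base64.b64encode(blob).decode()} constructed"
```

The parser reads fields only and does not verify the CA signature; the SSH server still does that when the certificate is presented.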