Commit e46313b

Add algo signer to support openssl as of recent
"algorithm_signer": "rsa-sha2-256" to prevent /var/log/auth.log `userauth_pubkey: certificate signature algorithm ssh-rsa: signature algorithm not supported [preauth]` due to vault defaulting to ssh-rsa which is insecure
1 parent 4a91923 commit e46313b

1 file changed

Lines changed: 1 addition & 0 deletions

website/content/docs/secrets/ssh/signed-ssh-certificates.mdx

@@ -106,6 +106,7 @@ team, or configuration management tooling.
106106
```text
107107
$ vault write ssh-client-signer/roles/my-role -<<"EOH"
108108
{
109+
"algorithm_signer": "rsa-sha2-256",
109110
"allow_user_certificates": true,
110111
"allowed_users": "*",
111112
"allowed_extensions": "permit-pty,permit-port-forwarding",
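
Review bot: The new `"algorithm_signer": "rsa-sha2-256",` line (new line 109) is added to the role example with no explanation in the documentation text, so a reader copying the example cannot tell why the key is there or what fails without it. Suggest adding a sentence next to the example that carries over the reasoning from the commit message: without this key Vault defaults to `ssh-rsa`, and the login is then rejected with `userauth_pubkey: certificate signature algorithm ssh-rsa: signature algorithm not supported [preauth]` in /var/log/auth.log. The commit message also names "openssl", while the quoted log line is an SSH public-key authentication failure, so the wording is worth correcting to OpenSSH.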
