I've generated an ssh certificate like this:
ssh-keygen -f ca_key
# generate a ssh keypair for use as a certificate- generate a host key
ssh-keygen -s ca_key -I cert_identifier -h host_key.pub
- specify the host key in the server's sshd config file:
TrustedUserCAKeys /etc/ssh/ssh_cert/host_key.pub
- generate a local certificate to access the host using an ssh certificate:
ssh-keygen -s ca_key -I cert_identifier user_key.pub
. This should generate user_key-cert.pub
I can now log into the server using ssh -i user_key user@host
(which uses user_key-cert.pub). How can I revoke the certificate other than disabling the TrustedUserCAKeys file?