Lines Matching refs:ktype
77 for ktype in $PLAIN_TYPES ; do
78 verbose "$tid: sign host ${ktype} cert"
80 ${SSHKEYGEN} -q -N '' -t ${ktype} \
81 -f $OBJ/cert_host_key_${ktype} || \
82 fatal "ssh-keygen of cert_host_key_${ktype} failed"
84 $OBJ/cert_host_key_${ktype}.pub || fatal "KRL update failed"
85 cat $OBJ/cert_host_key_${ktype}.pub >> $OBJ/host_revoked_plain
86 case $ktype in
87 rsa-sha2-*) tflag="-t $ktype"; ca="$OBJ/host_ca_key2" ;;
92 -n $HOSTS $OBJ/cert_host_key_${ktype} ||
93 fatal "couldn't sign cert_host_key_${ktype}"
95 $OBJ/cert_host_key_${ktype}-cert.pub || \
97 cat $OBJ/cert_host_key_${ktype}-cert.pub >> $OBJ/host_revoked_cert
124 for ktype in $PLAIN_TYPES ; do
125 verbose "$tid: host ${ktype} cert connect privsep $privsep"
128 echo HostKey $OBJ/cert_host_key_${ktype}
129 echo HostCertificate $OBJ/cert_host_key_${ktype}-cert.pub
134 attempt_connect "$ktype basic connect" "yes"
135 attempt_connect "$ktype empty KRL" "yes" \
137 attempt_connect "$ktype KRL w/ plain key revoked" "no" \
139 attempt_connect "$ktype KRL w/ cert revoked" "no" \
141 attempt_connect "$ktype KRL w/ CA revoked" "no" \
143 attempt_connect "$ktype empty plaintext revocation" "yes" \
145 attempt_connect "$ktype plain key plaintext revocation" "no" \
147 attempt_connect "$ktype cert plaintext revocation" "no" \
149 attempt_connect "$ktype CA plaintext revocation" "no" \
156 for ktype in $PLAIN_TYPES ; do
157 test -f "$OBJ/cert_host_key_${ktype}.pub" || fatal "no pubkey"
158 kh_revoke cert_host_key_${ktype}.pub >> $OBJ/known_hosts-cert.orig
162 for ktype in $PLAIN_TYPES ; do
163 verbose "$tid: host ${ktype} revoked cert privsep $privsep"
166 echo HostKey $OBJ/cert_host_key_${ktype}
167 echo HostCertificate $OBJ/cert_host_key_${ktype}-cert.pub
185 for ktype in $PLAIN_TYPES ; do
186 verbose "$tid: host ${ktype} revoked cert"
189 echo HostKey $OBJ/cert_host_key_${ktype}
190 echo HostCertificate $OBJ/cert_host_key_${ktype}-cert.pub
211 case $ktype in
212 rsa-sha2-*) tflag="-t $ktype"; ca="$OBJ/host_ca_key2" ;;
250 for ktype in $PLAIN_TYPES ; do
252 verbose "$tid: host ${ktype} ${v} cert downgrade to raw key"
254 ${SSHKEYGEN} -q -N '' -t ${ktype} -f $OBJ/cert_host_key_${ktype} || \
255 fail "ssh-keygen of cert_host_key_${ktype} failed"
256 case $ktype in
257 rsa-sha2-*) tflag="-t $ktype"; ca="$OBJ/host_ca_key2" ;;
262 -n $HOSTS $OBJ/cert_host_key_${ktype} ||
263 fatal "couldn't sign cert_host_key_${ktype}"
266 cat $OBJ/cert_host_key_${ktype}.pub
270 echo HostKey $OBJ/cert_host_key_${ktype}
271 echo HostCertificate $OBJ/cert_host_key_${ktype}-cert.pub