From b92b74422f12024a791229f7a130fe4f207608a1 Mon Sep 17 00:00:00 2001 From: Andika Triwidada Date: Mar 10 2022 10:48:39 +0000 Subject: Fix some typos --- diff --git a/modules/system-administrators-guide/pages/infrastructure-services/OpenSSH.adoc b/modules/system-administrators-guide/pages/infrastructure-services/OpenSSH.adoc index b06b2dc..a1c02c4 100644 --- a/modules/system-administrators-guide/pages/infrastructure-services/OpenSSH.adoc +++ b/modules/system-administrators-guide/pages/infrastructure-services/OpenSSH.adoc @@ -750,7 +750,7 @@ HostCertificate /etc/ssh/ssh_host_rsa_key-cert.pub ~]#{nbsp}systemctl restart sshd.service ---- -. On user's systems. remove keys belonging to hosts from the `~/.ssh/known_hosts` file if the user has previously logged into the host configured above. When a user logs into the host they should no longer be presented with the warning about the hosts authenticity. +. On user's systems, remove keys belonging to hosts from the `~/.ssh/known_hosts` file if the user has previously logged into the host configured above. When a user logs into the host they should no longer be presented with the warning about the hosts authenticity. To test the host certificate, on a client system, ensure the client has set up the global `/etc/ssh/known_hosts` file, as described in xref:proc-Trusting_the_Host_Signing_Key[Trusting the Host Signing Key], and that the server's public key is not in the `~/.ssh/known_hosts` file. Then attempt to log into the server over SSH as a remote user. You should not see a warning about the authenticity of the host. If required, add the [option]`-v` option to the SSH command to see logging information. 
@@ -784,7 +784,7 @@ The default behavior of OpenSSH is that a user is allowed to log in as a remote @cert-authority principals="name1,name2" *.example.com ssh-rsa pass:quotes[_AAAAB5Wm._] ---- -* On the server, create an `AuthorizedPrincipalsFile` file, either per user or glabally, and add the principles' names to the file for those users allowed to log in. Then in the `/etc/ssh/sshd_config` file, specify the file using the [command]#AuthorizedPrincipalsFile# directive. +* On the server, create an `AuthorizedPrincipalsFile` file, either per user or globally, and add the principles' names to the file for those users allowed to log in. Then in the `/etc/ssh/sshd_config` file, specify the file using the [command]#AuthorizedPrincipalsFile# directive. [[proc-Generating_a_User_Certificate]] .Generating a User Certificate @@ -964,7 +964,7 @@ To view a certificate, use the [option]`-L` to list the contents. For example, f permit-user-rc ---- -To vew a host certificate: +To view a host certificate: ---- ~]# ssh-keygen -L -f /etc/ssh/ssh_host_rsa_key-cert.pub @@ -984,7 +984,7 @@ To vew a host certificate: [[sec-Revoking_an_SSH_CA_Certificate]] === Revoking an SSH CA Certificate -If a certificate is stolen, it should be revoked. Although OpenSSH does not provide a mechanism to distribute the revocation list it is still easier to create the revocation list and distribute it by other means then to change the CA keys and all host and user certificates previously created and distributed. +If a certificate is stolen, it should be revoked. Although OpenSSH does not provide a mechanism to distribute the revocation list it is still easier to create the revocation list and distribute it by other means than to change the CA keys and all host and user certificates previously created and distributed. Keys can be revoked by adding them to the `revoked_keys` file and specifying the file name in the `sshd_config` file as follows:
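Review bot: In the hunk at -750, the rewritten list item still ends with "the warning about the hosts authenticity", which is missing the possessive apostrophe. Since this line is already being changed, make it "the host's authenticity" in the same commit. "On user's systems" in the same item would also read better as "On users' systems".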
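Review bot: In the hunk at -784, the corrected line still says "add the principles' names to the file", but the directive named on that same line is `AuthorizedPrincipalsFile` and the context line above uses `principals="name1,name2"`. Change it to "principals' names" so the prose matches the option name an administrator will search for in `sshd_config`.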
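Review bot: In the second hunk at -984 (Revoking an SSH CA Certificate), the sentence changed from "then" to "than" is still a run-on at "does not provide a mechanism to distribute the revocation list it is still easier". Add a comma after "revocation list" while the line is being touched, so the concession and the recommendation read as separate clauses.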