TL server/agent sshkeys signed by CA

Hi,

tlclient (tested only with current linux version) does seem
to ignore any CA keys in /opt/thinlinc/etc/ssh_known_hosts added via, i.e :

echo "@cert-authority *.example.com $(cat /etc/ssh/ca.pub)" >>/opt/thinlinc/etc/ssh_known_hosts

In my use case, all hosts running TL software have their sshkeys signed by a CA.
I propose to implement support for ssh keys signed by a CA. Specifically,
if CA sshpubkey is in /opt/thinlinc/etc/ssh_known_hosts tlclient should happily
accept any (barring CRL) ssh key signed by it without warning user about unknown authenticity/fingerprint.

Hi @jubork

Welcome to the forum.

This feature is being tracked in our Bugzilla as #7641:

https://bugzilla.cendio.com/show_bug.cgi?id=7641

Please feel free to subscirbe to this bug for updates, your interest in this feature has been noted.

Are you able to tell us a little bit more about your use case, and the background behind this requirement?