I have changed the /usr/local/etc/ssh_known_hosts on client to
--------------------------------- x509v3-sign-rsa "new public key with certifcate"

But when client performs server authentication, the following error message appears:
Friday:~/.ssh# ssh -v -i client_rsa
OpenSSH_3.9p1, OpenSSL 0.9.7e 25 Oct 2004
debug1: Reading configuration data /usr/local/etc/ssh_config
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '' is known and matches the RSA+cert host key.
debug1: Found key in /usr/local/etc/ssh_known_hosts:1
ssh_x509_verify: verify failed: error:04067084:rsa routines:RSA_EAY_PUBLIC_DECRYPT:data too large for modulus
key_verify failed for server_host_key

It seems that althoug I use public key (old style) in the ssh_known_hosts, but when the client verify certifcate of server, the client can not recognize the UTF-8 code and rejects the certifcate as the data too long.....


>You can use "old format". i.e. to append OpenSSH "pub file" to user
>Please see ssh-keygen(1).