RE: make x.509 certificate authentication work with ssh

From: STEWARD, Curtis (Jamestown) (Curtis.Steward@goodrich.com)
Date: 02/21/03

    From: "STEWARD, Curtis (Jamestown)" <Curtis.Steward@goodrich.com>
    To: "'qing.lu@kodak.com'" <qing.lu@kodak.com>
    Date: Fri, 21 Feb 2003 12:59:51 -0500
    
    

    Qing,

    I've inquired on the list before and couldn't come up with
    any plans to incorporate any particular X.509 functionality
    into the code for OpenSSH.

    However, I'm aware of two patches for OpenSSH
    for X.509:

    http://satva.skalasoft.com/~rumen/openssh/
    http://www.ncsa.uiuc.edu/Divisions/ACES/GSI/openssh/

    I've had most luck with NCSA's GSI in standalone (without complete
    grid security). They just came out with 1.8 and it seems fairly mature.
    If you need additional doc let me know.

    cs
    -----Original Message-----
    From: qing.lu@kodak.com [mailto:qing.lu@kodak.com]
    Sent: Thursday, February 20, 2003 5:18 PM
    To: secureshell@securityfocus.com
    Subject: make x.509 certificate authentication work with ssh

    Hello all,

    I have an ssh server on UNIX (openssh 3.5p1) and an ssh client on Windows or unix
    with SecureCRT (commercial version) or F-Secure (commercial version) client
    or openssh client. I can make public key authentication with a user key work
    but not public key authentication with an x.509 certificate. I have already got
    my CA, server and client certificates. I would like to know what I need to do on
    both the server and client side in order to make it work. What options do I need to
    set in the configuration file? I found the help pages in openssh and SecureCRT,
    F-Secure are really lacking information in this regard.

    I appreciate any help from the group.

    Thanks,
    Qing


