Re: Question regarding x.509-patches ssh-Version
From: Roumen Petrov (openssh_at_roumenpetrov.info)
Date: Wed, 28 Apr 2004 08:42:35 +0300 To: email@example.com
Soeren Gerlach wrote:
>I've successfully compiled and installed the x.509-patched version from
>Roumen. I've also installed our small CA file and was able to modify
>certificates so they would be used for and verified from the patched
>Now I'd like to disable all other logins (publickkey, keyboard) other then
sshd_config contain XXXAuthentication options.
X.509 certificates support is kind of PubkeyAuthentication.
OpenSSH support "ssh-dss" and "ssh-rsa" "public key algorithms".
My patch extend supported "public key algorithms" with "x509v3-sign-rsa"
Note that X.509 certificates can be used in
HostbasedAuthentication(disabled by default in sshd_config) too.
In future versions I might add two new server options "PubkeyAlgorithms"
and "HostbasedAlgorithms" to implement you request.
>the ones that can show a valid certificate. From the settings of
>config_sshd this seems not to be possible, have I anything overseen?