Re: Question regarding x.509-patches ssh-Version
From: Roumen Petrov (openssh_at_roumenpetrov.info)
Date: 04/28/04
- Previous message: Roumen Petrov: "Re: openssh with DSL and DHCP -- ListenAddress?"
- In reply to: Soeren Gerlach: "Question regarding x.509-patches ssh-Version"
Date: Wed, 28 Apr 2004 08:42:35 +0300
To: soeren@all-about-shift.com
Soeren Gerlach wrote:
>Hello,
>
>I've successfully compiled and installed the x.509-patched version from
>Roumen. I've also installed our small CA file and was able to modify
>certificates so they would be used for and verified from the patched
>version.
>Now I'd like to disable all other logins (publickey, keyboard) other than
>
>
sshd_config contains XXXAuthentication options.
X.509 certificate support is a kind of PubkeyAuthentication.
OpenSSH supports the "ssh-dss" and "ssh-rsa" "public key algorithms".
My patch extends the supported "public key algorithms" with "x509v3-sign-rsa"
and "x509v3-sign-dss".
Note that X.509 certificates can be used in
HostbasedAuthentication (disabled by default in sshd_config) too.
In future versions I might add two new server options, "PubkeyAlgorithms"
and "HostbasedAlgorithms", to implement your request.
>the ones that can show a valid certificate. From the settings of
>config_sshd this seems not to be possible, have I anything overseen?
>
>
>Thanks,
>Soeren Gerlach
>
>
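Added example, not part of the original message or of the X.509 patch: a small audit of the XXXAuthentication options in an sshd_config, showing which login paths stay open and that PubkeyAuthentication still covers the plain "ssh-rsa" and "ssh-dss" algorithms alongside the X.509 ones. The default values, the function names and the sample configuration are assumptions made for this illustration.

```python
import re

# Assumed defaults for an OpenSSH server of this era; confirm them against
# sshd_config(5) for the installed version.
ASSUMED_DEFAULTS = {
    "passwordauthentication": True,
    "challengeresponseauthentication": True,
    "pubkeyauthentication": True,
    "hostbasedauthentication": False,  # "disabled by default" per the message
}
# Algorithm names quoted in the message above.
PLAIN_ALGS = ("ssh-rsa", "ssh-dss")
X509_ALGS = ("x509v3-sign-rsa", "x509v3-sign-dss")

# Constructed sample input, not a real server's configuration.
SAMPLE = """\
# constructed sample
PasswordAuthentication no
passwordauthentication yes
PubkeyAuthentication yes
"""


def effective_auth(config_text):
    """Return {option: enabled} for the options listed in ASSUMED_DEFAULTS."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line)
        if len(parts) < 2 or not parts[1]:
            continue
        key = parts[0].lower()  # keywords are case-insensitive
        # sshd keeps the first value it obtains for a keyword.
        if key in ASSUMED_DEFAULTS and key not in seen:
            seen[key] = parts[1].lower() == "yes"
    return {**ASSUMED_DEFAULTS, **seen}


def audit(config_text):
    """List every login path that does not require an X.509 certificate."""
    eff = effective_auth(config_text)
    findings = [f"{name} is enabled" for name, on in sorted(eff.items())
                if on and name != "pubkeyauthentication"]
    if eff["pubkeyauthentication"]:
        findings.append("pubkeyauthentication accepts " + ", ".join(PLAIN_ALGS)
                        + " in addition to " + ", ".join(X509_ALGS))
    return findings
```

With the constructed sample, the second `passwordauthentication` line is ignored because the first value wins, and the unset ChallengeResponseAuthentication falls back to the assumed default.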