Re: Question regarding x.509-patches ssh-Version

From: Roumen Petrov (openssh_at_roumenpetrov.info)
Date: 04/28/04

    Date: Wed, 28 Apr 2004 08:42:35 +0300
    To: soeren@all-about-shift.com
    
    

    Soeren Gerlach wrote:

    >Hello,
    >
    >I've successfully compiled and installed the x.509-patched version from
    >Roumen. I've also installed our small CA file and was able to modify
    >certificates so they would be used for and verified from the patched
    >version.
    >Now I'd like to disable all other logins (publickey, keyboard) other than
    >
    >
    sshd_config contains XXXAuthentication options.
    X.509 certificate support is a kind of PubkeyAuthentication.
    OpenSSH supports the "ssh-dss" and "ssh-rsa" "public key algorithms".
    My patch extends the supported "public key algorithms" with "x509v3-sign-rsa"
    and "x509v3-sign-dss".

    Note that X.509 certificates can be used in
    HostbasedAuthentication (disabled by default in sshd_config) too.

    In future versions I might add two new server options "PubkeyAlgorithms"
    and "HostbasedAlgorithms" to implement your request.

    >the ones that can show a valid certificate. From the settings of
    >config_sshd this seems not to be possible, have I overlooked anything?
    >
    >
    >Thanks,
    >Soeren Gerlach
    >
    >

