FW: Returned post for secureshell@securityfocus.com

From: Robert Campbell (robert.campbell_at_ecommnet.co.uk)
Date: 06/27/05

  • Next message: huang bo: "how can I input password in popen("ssh...") ?"
    Date: Mon, 27 Jun 2005 20:10:42 +0100
    To: <secureshell@securityfocus.com>

    Note : newbie to OpenSSH.

    I understand that x.509 certificates can be used to authenticate users
    to an openssh server.
    Am I correct that this can be done without the need for a CA or OCSP
    Am I correct that this can be done using simple entries in the
    authorized_keys file?

    If the above is true can someone help me with the generation and format
    of the entry in the authorized_keys file

    So far I have got

    x509v3-sign-rsa DN CERT_BLOB

    It's the format of the cert blob I can't work out.

    I have read Roumen Petrov's README.X509v3 file but cant quite make the
    final leap....


    Anyone experienced using smartcards for login to OpenSSH in this way?

    Robert Campbell
    Managing Director
    ecommnet ltd.
    Aidan House
    Tynegate Precinct
    Sunderland Road
    Tyne and Wear
    UK NE83HU
    T:+44 191 478 8315
    F:+44 191 478 9466
    M:+44 7801 270 264
    W: www.ecommnet.co.uk
    Solutions for lap-top and mobile security, email archiving and anti-SPAM

  • Next message: huang bo: "how can I input password in popen("ssh...") ?"

    Relevant Pages

    • RE: Using public key pair to authenticate
      ... Part of it has to do with the way that OpenSSH and SSH.com internally handle their keys. ... The default for OpenSSH is that the key is stored in authorized_keys in the .ssh directory with the following format: ... while ssh.com has a file in the .ssh2 directory called authorization that contains the following type of info: ... > When I try connecting to the remote server, I am asked to type in the ...
    • Re: F-Secure client talking to OpenSSH server
      ... You need to reformat the public key from SECSH format to the OpenSSH format. ... print the key in a `SECSH Public Key File Format' to stdout. ...
    • Re: OpenSSH for Windows und Putty
      ... und alles in einer Zeile) dann speichert die aktuelle Version des PuttyGen für Windows das nicht richtig ab. ... OpenSSH authorized_keys file:" zeigt es korrekt an. ... Das Format ist richtig, daran liegt es bei mir nicht. ... Ich werde mal versuchen den Server nicht als Dienst zu starten - so wie Alexander sagte. ...
    • Re: OpenSSH for Windows und Putty
      ... Wenn das Format wirklich so ist wie in beschrieben, ... Der so gespeicherte Public Key ist allerdings FÜR OPENSSH ... mit dem kann nur PuTTy (und somit auch der PuTTY ... Alexander Skwar ...
    • OpenSSH, privilage separation
      ... Apparently the new OpenSSH 3.3 (released yesterday) has privilage ... I never really learned the format of /etc/passwd properly, ...