Re: X509 certificates with ssh
From: Timo Felbinger (Timo.Felbinger_at_quantum.physik.uni-potsdam.de)
Date: 10/25/03
- Previous message: Wolfram Greinert: "Re: no publickey auth with OpenSSH_3.7.1p2 and HPUX11i"
- In reply to: Julie Bielski: "Re: X509 certificates with ssh"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 25 Oct 2003 14:58:03 +0200
On Sat, 25 Oct 2003, Julie Bielski wrote:
> Timo,
>
> Thanks for your response. My bigger problem turned out to be the private key
> rather than the public key. The keytool utility does not allow you to
> extract the private key from its Java Key Store file (.keystore). Without
> the private key, there's no way to authenticate. So I just decided to use
> separate keys for signing vs. authentication. I'll use the keys I created
> with keytool for signing, and my id_dsa/id_dsa.pub keys for authentication
> with ssh.
>
Not sure whether this is an option for you, but if you could use
openssl (subcommand "genrsa" or "gendsa") for key generation, the
private key will be generated in the correct format for OpenSSH,
with no conversion required at all. For the public part, I like to
store it in a certificate, as this bundles the key with additional
information on its owner, and it allows easy verification of key
integrity.
Regards,
Timo
--
Timo Felbinger <Timo.Felbinger@physik.uni-potsdam.de>
Quantum Physics Group    http://www.quantum.physik.uni-potsdam.de
Institut fuer Physik     Tel: +49 331 977 1793 Fax: -1767
Universitaet Potsdam, Germany
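
Added example, not part of the original message: the workflow the reply describes, with the key generated by `openssl genrsa`, read directly by OpenSSH, and its public half bundled into a certificate that is then checked against the private key. The file names, the 2048-bit size, the `/CN=example-user` subject, the 365-day validity and the use of a self-signed certificate are assumptions.

```shell
#!/bin/sh
# Added example; paths, key size, subject and validity are assumptions.

# Generate an RSA private key with openssl and bundle its public half,
# plus owner information, into a self-signed X.509 certificate.
make_key_and_cert() {
    dir=$1
    (
        umask 077   # OpenSSH rejects private keys readable by group/other
        openssl genrsa -out "$dir/id_rsa" 2048 2>/dev/null
    ) || return 1
    openssl req -new -x509 -key "$dir/id_rsa" -out "$dir/id_rsa.crt" \
        -days 365 -subj "/CN=example-user" 2>/dev/null
}

# Public key as OpenSSH derives it from the openssl-generated private key
# (no conversion step): prints "keytype base64blob".
ssh_pub_from_key() {
    ssh-keygen -y -f "$1" | awk '{print $1, $2}'
}

# Public key carried in the certificate, converted to the same form.
ssh_pub_from_cert() {
    openssl x509 -in "$1" -noout -pubkey > "$1.spki" || return 1
    ssh-keygen -i -m PKCS8 -f "$1.spki" | awk '{print $1, $2}'
}

# Integrity check: the certificate's signature must verify, and the key
# inside it must be the one OpenSSH will authenticate with.
cert_matches_key() {
    openssl verify -CAfile "$1" "$1" >/dev/null 2>&1 || return 1
    from_cert=$(ssh_pub_from_cert "$1")
    from_key=$(ssh_pub_from_key "$2")
    [ -n "$from_cert" ] && [ "$from_cert" = "$from_key" ]
}
```

The output of `ssh_pub_from_cert` is the line that would go into `authorized_keys` on the server.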