Roumen Petrov
2011-Sep-08 16:39 UTC
Announce: X.509 certificates support v7.0 for OpenSSH version 5.9p1
Hi All, Version 7.0 of "X.509 certificates support in OpenSSH" is ready for immediate download. This version allow client to use certificates and keys stored into external devices. The implementation is based on openssl dynamic engines. For instance E_NSS engine ( http://developer.berlios.de/projects/enss ) will allow you to use certificates and keys from Firefox, SeaMonkey, Thunderbird security database to authenticate to remote hosts. Regards, Roumen Petrov -- Get X.509 certificates support in OpenSSH: http://roumenpetrov.info/openssh/
Erwin Himawan
2011-Sep-14 13:44 UTC
Announce: X.509 certificates support v7.0 for OpenSSH version 5.9p1
Hi Roumen, Does Ver 7.0 support X509 with ECC key (prime256v1)? Supposing, that ver 7.0 supports ECC key, is the procedure for configuring x509-based openssh with ECC key is similar when configuring it wirh RSA keypair? Should I use openssl ver 1.0.0.d to build the openssh? Thanks in advanced. Regards, Erwin On Thu, Sep 8, 2011 at 11:39 AM, Roumen Petrov <openssh at roumenpetrov.info>wrote:> Hi All, > > Version 7.0 of "X.509 certificates support in OpenSSH" is ready for > immediate download. > > This version allow client to use certificates and keys stored into external > devices. The implementation is based on openssl dynamic engines. > > For instance E_NSS engine ( http://developer.berlios.de/**projects/enss<http://developer.berlios.de/projects/enss>) will allow you to > use certificates and keys from Firefox, SeaMonkey, Thunderbird security > database to authenticate to remote hosts. > > > Regards, > Roumen Petrov > > > -- > Get X.509 certificates support in OpenSSH: > http://roumenpetrov.info/**openssh/ <http://roumenpetrov.info/openssh/> > > > > ______________________________**_________________ > openssh-unix-dev mailing list > openssh-unix-dev at mindrot.org > https://lists.mindrot.org/**mailman/listinfo/openssh-unix-**dev<https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev> >
Roumen Petrov
2011-Sep-15 19:54 UTC
Announce: X.509 certificates support v7.0 for OpenSSH version 5.9p1
Erwin Himawan wrote:> Hi Roumen, > > Does Ver 7.0 support X509 with ECC key (prime256v1)? > > Supposing, that ver 7.0 supports ECC key, is the procedure for configuring > x509-based openssh with ECC key is similar when configuring it wirh RSA > keypair? > Should I use openssl ver 1.0.0.d to build the openssh? > > Thanks in advanced. > > Regards, > ErwinRFC 6187 (March 2011, X.509v3 Certificates for Secure Shell Authentication) is not implemented yet. Roumen