hi, we have been looking for ways to implement digital certificate authentication in openssh. Pointers to similar kind of ongoing work will be more appreciated. Thanks.
On 6 Jan, venki wrote:> we have been looking for ways to implement digital certificate authentication > in openssh. Pointers to similar kind of ongoing work will be more > appreciated. Thanks.We have implemented it in our product which among other things uses openssh. Unfortunately I can not share any meaningful code since it relies heavily on other parts of our infrastructure. But I should at least be able to answer questions about it. But it is relatively straightforward to implement. x509v3-sign-rsa and x509v3-sign-dss are defined public key algorithm names. The most interesting decision is how to determine if a give certificate gives access to a certain account. The easiest solution is to use something like the authorized_keys file, but other more interesting solutions are possible. /MaF -- Martin Forssen <maf at appgate.com> Development Manager Phone: +46 31 7744361 AppGate Network Security AB
On Mon, Jan 06, 2003 at 12:17:33PM +0530, venki wrote:> we have been looking for ways to implement digital certificate authentication > in openssh. Pointers to similar kind of ongoing work will be more > appreciated. Thanks.check http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=101247582424495&w=2