Roumen Petrov
2006-Apr-27 18:38 UTC
Announce: X.509 certificates support in OpenSSH version 5.4
Hi All,

The version 5.4 of "X.509 certificates support in OpenSSH" is ready for download. On the download page http://roumenpetrov.info.localhost/openssh/download.html#get_-5.4 you can find diffs for OpenSSH versions 4.2p1 and 4.3p2.

What's new:

* given up support for "x509v3-sign-rsa-sha1" and "x509v3-sign-dss-sha1"
  The implementation realised in previous version 5.3 is not fully in conformance with "draft-ietf-secsh-x509-02.txt"

* correct nid for OCSP responder location
  All versions before 5.4 search for nid "id-pkix-ocsp-service-locator" instead of the correct one "id-ad-ocsp" to find the location of the OCSP responder.

* public key permit X.509 certificate for authentication
  Now the public key listed in the authorized keys file also permits an X.509 certificate with a public key that matches it to be used in "public key authentication".

* client option "PubkeyAlgorithms"
  This new client option specifies the protocol version 2 algorithms used in "publickey" authentication allowed to be sent to the host.

* server option "KeyAllowSelfIssued"
  This new server option specifies whether only a public key or certificate blob listed in the authorized keys file can allow a self-issued (self-signed) X.509 certificate to be used for user authentication.

Please visit "http://roumenpetrov.info/openssh/" for more information about "X.509 certificates support in OpenSSH".

Regards,
Roumen Petrov