Adriana Rodean
2008-Dec-16 09:32 UTC
Patch for OpenSSH for Windows to allow authentication through certificates
Hi all,

Does anyone know if a patch exists for OpenSSH for Windows to allow authentication through certificates?
Is it possible to make one if it doesn't exist?
Using OpenSSH for Windows 3.8p1-1 20040709 Build.

I know there is the Roumen Petrov patch, but it is for unix machines if I'm not mistaken.
I need a similar one for Windows that works with the Roumen Petrov patch so I can have authentication through certificates between a Windows machine and a Linux machine.

Any help greatly appreciated,
Adriana
Roumen Petrov
2008-Dec-23 09:37 UTC
Patch for OpenSSH for Windows to allow authentication through certificates
Adriana Rodean wrote:
> Hi all,
>
> Does anyone know if a patch exists for OpenSSH for Windows to allow
> authentication through certificates?
> Is it possible to make one if it doesn't exist?
> Using OpenSSH for Windows 3.8p1-1 20040709 Build.
>
> I know there is the Roumen Petrov patch, but it is for unix machines if I'm
> not mistaken.
> I need a similar one for Windows that works with the Roumen Petrov
> patch so I can have authentication through certificates between
> a Windows machine and a Linux machine.
>
> Any help greatly appreciated,
> Adriana

Did you try the patch on the cygwin platform?
The patch doesn't use methods (functions) specific to unix/posix.

Roumen

--
Get X.509 certificates support in OpenSSH:
http://roumenpetrov.info/openssh/
Adriana Rodean
2009-Mar-06 09:36 UTC
Patch for OpenSSH for Windows to allow authentication through certificates
Hi all,

We patched it on cygwin and got executables to run, but when I try to connect to the server I get the following from the client:

Debug3: ssh_x509cert_check: for "c=ME,ST=ME,L=ME,O=Internet Widgits Pty Ltd"
ssh_x509store_cb: subject="c=ME,ST=ME,L=ME,O=Internet Widgits Pty Ltd", error 20 at 0 depth lookup:unable to get local issuer certificate
Ssh_verify_cert: verify error, code=20, msg=" unable to get local issuer certificate"

I run the executable under Windows with the cygwin dlls in the same folder.

Thank you,
Adriana.
Roumen Petrov
2009-Mar-07 20:49 UTC
Patch for OpenSSH for Windows to allow authentication through certificates
Hi Adriana,

Adriana Rodean wrote:
> Hi all,
>
> We patched it on cygwin and got executables to run, but when I try to
> connect to the server I get the following from the client:
>
> Debug3: ssh_x509cert_check: for "c=ME,ST=ME,L=ME,O=Internet Widgits Pty Ltd"
> ssh_x509store_cb: subject="c=ME,ST=ME,L=ME,O=Internet Widgits Pty Ltd", error 20 at 0 depth lookup:unable to get local issuer certificate
> Ssh_verify_cert: verify error, code=20, msg=" unable to get local issuer certificate"
>
> I run the executable under Windows with the cygwin dlls in the same folder.
>
> Thank you,
> Adriana.

To verify the server certificate you need a "trust certificate chain".
See the ssh_config manual page for "x509_store" options like CACertificateFile and CACertificatePath and also UserCACertificateFile and UserCACertificatePath.

You could check the openssh x509 store with the openssl command:

  $ openssl verify [-CApath directory] [-CAfile file] certificate

In your case the openssl arguments -CApath and -CAfile correspond to the openssh config options {|User}CACertificatePath and {|User}CACertificateFile, and certificate is your server certificate.

Roumen
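The check suggested in the last reply, as an added example that is not part of the original thread: it builds a throwaway CA and server certificate (all names and files are constructed), then shows `openssl verify` returning error 20 with no trust anchor and succeeding once the issuer is supplied through `-CAfile` or a hashed `-CApath` directory. It assumes the `openssl` command-line tool is on the PATH.

```shell
#!/bin/sh
# Constructed demo: the CA, server certificate and file names are made up.

# Create a throwaway CA and a server certificate signed by it in directory $1.
make_demo_pki() {
    dir=$1
    cat > "$dir/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
O = Demo CA
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    openssl req -x509 -config "$dir/demo.cnf" -newkey rsa:2048 -nodes -days 1 \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1
    openssl req -new -config "$dir/demo.cnf" -newkey rsa:2048 -nodes \
        -subj "/O=Demo Server" \
        -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$dir/server.csr" -days 1 -CA "$dir/ca.crt" \
        -CAkey "$dir/ca.key" -CAcreateserial -out "$dir/server.crt" 2>/dev/null || return 1
    # A -CApath directory is searched by subject hash, so store the CA as <hash>.0
    mkdir "$dir/capath" &&
    cp "$dir/ca.crt" "$dir/capath/$(openssl x509 -noout -hash -in "$dir/ca.crt").0"
}

# Print the openssl verify error code for certificate $1 (0 when it verifies).
# Remaining arguments (-CAfile / -CApath) are passed through to openssl.
verify_code() {
    cert=$1; shift
    out=$(openssl verify "$@" "$cert" 2>&1) || true
    code=$(printf '%s\n' "$out" | sed -n 's/^error \([0-9][0-9]*\) at .*/\1/p' | head -n 1)
    if [ -n "$code" ]; then echo "$code"
    elif printf '%s\n' "$out" | grep -q ': OK$'; then echo 0
    else echo unknown; fi
}

demo_dir=$(mktemp -d)
make_demo_pki "$demo_dir"
echo "no trust anchor: $(verify_code "$demo_dir/server.crt")"
echo "with -CAfile:    $(verify_code "$demo_dir/server.crt" -CAfile "$demo_dir/ca.crt")"
echo "with -CApath:    $(verify_code "$demo_dir/server.crt" -CApath "$demo_dir/capath")"
rm -rf "$demo_dir"
```

Code 20 is the same "unable to get local issuer certificate" error reported by the client in the thread; a file that verifies with `-CAfile` here is the one to name in CACertificateFile.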