search for: cacertificatefil

Hi all, Does anyone know if it exists a patch for OpenSSH for Windows to allow authentication through certificates? Is it possible to make one if it doesn't exists? Using OpenSSH for Windows 3.8p1-1 20040709 Build. I know there is Roumen Petrov patch, but is for unix machines if i'm not mistaken. I need a similar one for Windows that work with the Roumen Petrov patch so i can have

...allow logins from users who have certificates signed by the trusted issuing CA at the end of the chain above. Presumably the server needs the whole CA chain and I've tried cat'ing the .pem files for the CA certificates together and copying the result to a file that I've pointed to with CACertificateFile in sshd_config. In the authorized_keys I've got: x509v3-sign-rsa subject= /C=COUNTRY/ST=STATE/O=ORGANIZATION/OU=OU/CN=CN ie. the DN of the ROOT CA certificate - should this instead be the issuing CA? Generally any pointers would be very helpful, I've found Roumen Petrovs patches and read...

...r host id using (under /opt/ssh/etc): cat server-key.pem > ssh_host_key_cert cat server.pem >> ssh_host_key_cert chmod 0600 ssh_host_key_cert ../bin/ssh-keygen -y > ssh_host_key_cert.pub // entering ssh_host_key_cert as key - Changing /opt/ssh/etc/sshd_config: CACertificateFile /opt/ssh/etc/ca/crt/cacert.pem Port 4422 X509KeyAlgorithm x509v3-sign-rsa,rsa-md5 X509KeyAlgorithm x509v3-sign-rsa,rsa-sha1 AllowedCertPurpose sslclient PasswordAuthentication no - Customizing server user configuration cat /opt/ssh/etc/ssh_host_key_cert.pub > .ssh/au...

...no #Compression yes #ClientAliveInterval 0 #ClientAliveCountMax 3 #UseDNS yes #PidFile /var/run/sshd.pid #MaxStartups 10 # no default banner path #Banner /some/path # override default of no subsystems Subsystem sftp /usr/local/libexec/sftp-server X509rsaSigType=md5 #AllowedCertPurpose sslserver #CACertificateFile /root/tk/openssh-3.8p1/tests/CA/ca-test/catest-bundle.crt CACertificateFile /root/.ssh/ca-bundle.crt #CACertificatePath /root/tk/openssh-3.8p1/tests/CA/ca-test/crt CACertificatePath /root/demoCA #CARevocationFile /root/tk/openssh-3.8p1/tests/CA/ca-test/catest-bundle.crl #CARevocationPath /root/tk/...