search for: get_hostkey_by_typ

Displaying 3 results from an estimated 3 matches for "get_hostkey_by_typ".

Did you mean: get_hostkey_by_type
2013 May 15
1
key rotation on ssh servers
...e this might happen in the future. Reading the spec i don't see an explicit prohibition against multiple keys of the same key type, but i don't see how it would be handled exactly in the protocol either: https://tools.ietf.org/html/rfc4253#page-18 Looking at sshd.c, it seems to me that get_hostkey_by_type() only permits sshd to offer a single key of each type. Would it be possible for some sshd to offer more than one key of any given type? If so, this would permit such a key transition from clients that could support it? Or is there something in the spec that i'm not seeing which makes this...
2012 Nov 21
1
HostKey in hardware?
Hi, Is there any way to store HostKey in hardware (and delegate the related processing)? I have been using Roumen Petrov's x509 patch for clients, which works via an OpenSSL engine, but it does not seem to support server HostKey: http://roumenpetrov.info/pipermail/ssh_x509_roumenpetrov.info/2012q4/000019.html For PKCS#11, I have found an email on this list from a year back suggesting this
2013 Jun 25
1
RFC: encrypted hostkeys patch
...@@ -767,6 +780,8 @@ list_hostkey_types(void) for (i = 0; i < options.num_host_key_files; i++) { key = sensitive_data.host_keys[i]; if (key == NULL) + key = sensitive_data.host_pubkeys[i]; + if (key == NULL) continue; switch (key->type) { case KEY_RSA: @@ -819,6 +834,8 @@ get_hostkey_by_type(int type, int need_private) break; default: key = sensitive_data.host_keys[i]; + if (key == NULL && !need_private) + key = sensitive_data.host_pubkeys[i]; break; } if (key != NULL && key->type == type) @@ -848,6 +865,14 @@ get_hostkey_by_index(int ind)...
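Review bot: in the list_hostkey_types() hunk the fallback to sensitive_data.host_pubkeys[i] is unconditional, so a slot that has only a public key loaded now gets its type advertised. Nothing in the visible lines ties that to a private key being usable for signing. A comment above the fallback stating what guarantees a signing path for a pubkey-only slot, or a check that skips the slot when there is none, would make the invariant explicit.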
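Review bot: in the get_hostkey_by_type() hunk the new need_private parameter is undocumented in the visible lines, and the public-key fallback applies only in the default: branch when need_private is 0. With need_private set, a pubkey-only slot still yields key == NULL for a type that list_hostkey_types() can now advertise. A short comment on the function describing what need_private selects would help, as would confirming that every caller passing need_private handles a NULL return for an advertised type.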