Displaying 3 results from an estimated 3 matches for "get_hostkey_by_typ".
2013 May 15
1
key rotation on ssh servers
...e this
might happen in the future.
Reading the spec i don't see an explicit prohibition against multiple
keys of the same key type, but i don't see how it would be handled
exactly in the protocol either:
https://tools.ietf.org/html/rfc4253#page-18
Looking at sshd.c, it seems to me that get_hostkey_by_type() only
permits sshd to offer a single key of each type.
Would it be possible for some sshd to offer more than one key of any
given type? If so, this would permit such a key transition from clients
that could support it? Or is there something in the spec that i'm not
seeing which makes this...
2012 Nov 21
1
HostKey in hardware?
Hi,
Is there any way to store HostKey in hardware (and delegate the related
processing)?
I have been using Roumen Petrov's x509 patch for clients, which works via an
OpenSSL engine, but it does not seem to support server HostKey:
http://roumenpetrov.info/pipermail/ssh_x509_roumenpetrov.info/2012q4/000019.html
For PKCS#11, I have found an email on this list from a year back suggesting
this
2013 Jun 25
1
RFC: encrypted hostkeys patch
...@@ -767,6 +780,8 @@ list_hostkey_types(void)
for (i = 0; i < options.num_host_key_files; i++) {
key = sensitive_data.host_keys[i];
if (key == NULL)
+ key = sensitive_data.host_pubkeys[i];
+ if (key == NULL)
continue;
switch (key->type) {
case KEY_RSA:
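Review bot: In list_hostkey_types(), the new fallback to sensitive_data.host_pubkeys[i] makes the loop advertise a key type even when the matching sensitive_data.host_keys[i] slot is NULL, and nothing in this hunk shows that a signing path exists for that slot. Please add a comment stating what guarantees that a public-only entry can still be signed for, or skip entries that lack such a path, so the server never offers an algorithm it cannot complete key exchange with. The loop is still bounded by options.num_host_key_files, so host_pubkeys should also be documented as having the same length and index order as host_keys.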
@@ -819,6 +834,8 @@ get_hostkey_by_type(int type, int need_private)
break;
default:
key = sensitive_data.host_keys[i];
+ if (key == NULL && !need_private)
+ key = sensitive_data.host_pubkeys[i];
break;
}
if (key != NULL && key->type == type)
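Review bot: The public-key fallback sits only under default: and only when !need_private, so get_hostkey_by_type() can now return a key with no private material. The new need_private parameter needs a comment at the function header saying so, so that callers which go on to sign never pass 0. The case branch that ends just above default: gets no equivalent fallback in this hunk; if those key types can also be public-only, a lookup with need_private == 0 will miss them while list_hostkey_types() still advertises them. Consider a single helper that applies the same rule for every type.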
@@ -848,6 +865,14 @@ get_hostkey_by_index(int ind)...