similar to: x509 extension new version is out

I am just finished support for x509 certificate. More information on this page: http://satva.skalasoft.com/~rumen/openssh/

New version "x509e" is out on http://satva.skalasoft.com/~rumen/openssh/ . Now OpenSSH (client and server) can use x509 certificates for hostkeys too. Try it and give to forum (prefered) feedbacks, comments, suggestions, etc.

Hi all, I have pleasure to announce new version f of "X.509 certificates support in OpenSSH" Please to update your bookmarks/favorites with new location: http://roumenpetrov.info/openssh Old location is available too: http://satva.skalasoft.com/~rumen/openssh What's new: * support "Certificate Revocation Lists" (CRLs) * ssh-keyscan can show hostkey with

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi guys, been trying the x509 patch for ssh from Roumen, it works great. However, I can't figure out couple of things, and been trying to solve it for couple of days already. I'am using OpenSSH_4.7p1-hpn12v19, OpenSSL 0.9.8g with 6.1 version of your patch. The serverside hostkey is configured correctly, to present x509v3-sign-rsa dynowork

Hello, I would like to know whether OpenSSH supports x509 certificate based authentication. It looks like OpenSSH has dependency on OpenSSL so does this mean that OpeSSH also supports x509 certificate based authentication. If it does support, can you please point me to the necessary documentation. Thanks Naitik

Hi, I am trying to set up OpenSSH with x509 certs and I'm getting nowhere. I've been at this on and off for days and doing all the googling I can but I'm still not making progress so any help would be very much appreciated. I believe the latest OpenSSH builds support x509 certificates - I'm running 5.5 on Ubuntu 10.04. What I want to do is have users on Windows boxes using

Hi, Could anyone pls help by telling me how the DH pubkey from the server (f) is encoded when it is sent back to me? I understand that it comes across as an mpint, but after I decode the mpint into the bytes that make up the number, what does this number represent? Is it a X509 encoded key? Or is it something else? The reason for my question: I am trying to write a ssh client in Java,

Hi all, I'm trying to install ssh server based on x509 certificates with no result. What I've done is the following: - Build openssh4.7p1 after patching with openssh-4.7p1+x509-6.1.diff.gz without error using ./configure --prefix=/opt/ssh && make && make install in both server and client machines - Create minimal openssl ca structure under /opt/ssh/etc/ca ( self

Hello All. As promised, here is what I needed to do to get the regression tests to work on AIX & HPUX. It goes into a bit of detail in the hope that others might be able to get them running on their platforms. I've run these mods on AIX 4.3.3, HP-UX 11.00, Solaris 8, Redhat 7.3 and OpenBSD 3.0. The problems I encountered: * prereqs (pmake, md5sum) * bad directory owner/mode causing auth

Hello, I have paid attention to the issue about the X509-based certificate support in standard openssh. Because I also need the support of X509-based certificates in my project, and also I have developed specific version of openssh to pass the proxy certificate from client to server. But I used the PAM module to verify the proxy and authorize the accessors. I wonder whether current support in

Hi All, The version 6.1 of "X.509 certificates support in OpenSSH" is ready for download. On page http://www.roumenpetrov.info/openssh/download.html you can found diffs for OpenSSH versions 4.5p1,4.6p1 and 4.7p1. Details ( from http://www.roumenpetrov.info/openssh ): * distinguished name compare bug(security): The bug affect versions 6.0 and 6.0.1 only. The work around is to

On command: #kill -9 `cat /var/run/sshd.pid` sshd leave pid file ! sshd.c code: =============== .... /* * Arrange to restart on SIGHUP. The handler needs * listen_sock. */ signal(SIGHUP, sighup_handler); signal(SIGTERM, sigterm_handler); signal(SIGQUIT, sigterm_handler); .... =============== Missing line is : signal(SIGKILL, sigterm_handler);

cc -g -I. -I. -I/opt/openssl-0.9.6c/include -I. -I/usr/local/include -DETCDIR=\"/opt/openssh-3.0.2p1-x509/etc\" -D_PATH_SSH_PROGRAM=\"/opt/openssh-3.0.2p1-x509/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/opt/openssh-3.0.2p1-x509/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/opt/openssh-3.0.2p1-x509/libexec/sftp-server\" -D_PATH_SSH_PIDDIR=\"/var/run\"

hi I''m trying to get ipsec working with x509 certificates however I just can''t seem to. I''ve hit a road block and was wondering if someone could help me figure it out. my racoon.conf (I have it mirrored on the connecting machine. path pre_shared_key "/etc/racoon/psk.txt"; path certificate "/etc/certs"; remote anonymous { exchange_mode

https://bugzilla.mindrot.org/show_bug.cgi?id=1749 Summary: ssh-keygen cant "import" a generic x509 rsa public key Product: Portable OpenSSH Version: 5.4p1 Platform: Other OS/Version: Other Status: NEW Severity: normal Priority: P2 Component: ssh-keygen AssignedTo: unassigned-bugs at

This (very quick) patch allows you to connect with the commercial ssh.com windows client and use x509 certs for hostkeys. You have to import your CA cert (ca.crt) in the windows client and certify your hostkey: $ cat << 'EOF' > x509v3.cnf CERTPATHLEN = 1 CERTUSAGE = digitalSignature,keyCertSign CERTIP = 0.0.0.0 [x509v3_CA]

Hi Everyone, I'd like to ask a question about libvirt xml config. I am using kvm with tls certification. For some reason I need to specify a unique certificate file for every instance, so my kvm command would be like: /usr/libexec/qemu-kvm -spice port=5900,tls-port=5901,addr=0.0.0.0,disable-ticketing,x509-dir=/openstack/etc/pki/libvirt-spice the argument

Hello everybody, I'll try to find out some info about Samba and a way to put x509 authenticate method but i don't find anything clear about it. I found in the how-to v3 some stuff about authenticate PAM module to use with samba but I don't know if I look in the right direction. I have a samba server running for a lots of time based on smbpass DB. We plan to use our PKI certs to

Hi there, As of Dovecot 2.2.9, it's possible to enable passwordless authentication using client certificates [1]: ssl_ca = </etc/ssl/ca.pem ssl_verify_client_cert = yes auth_ssl_username_from_cert = yes (Password checking can be bypassed by returning the extra fields ?password= nopassword? in the passdb when the variable ?%k? expands to "valid".) However this

Hello everybody, I'll try to find out some info about Samba and a way to put x509 authenticate method but i don't find anything clear about it. I found in the how-to v3 some stuff about authenticate PAM module to use with samba but I don't know if I look in the right direction. I have a samba server running for a lots of time based on smbpass DB. We plan to use our PKI certs to