Displaying 20 results from an estimated 20000 matches similar to: "x509v3-sign-rsa authentication type..."
2003 May 08
3
get_pin for scard-opensc.c
I'm attaching a patch to allow ssh client to get a pin from the command line
when using a smartcard. Most of it is from a patch by Danny De Cock
<godot () ulyssis ! org>, but I've used the ssh read_passphrase function
instead. Any errors are mine, I'm sure.
This enables ssh -I 0 to use a pin-protected smartcard via opensc.
Thanks,
Kevin Stefanik
2003 Apr 04
1
overload key signing function for opensc tokens...
I wasn't having much luck getting a key and certificate stored on a hardware
token to work until I made this fix. The ssh_rsa_sign key was not using
either overloading. I used the rsa.meth way, instead of the engine.
With this patch ssh-add works. I'm working on getting ssh to take a PIN, but
when I put in a call to read_passphrase in the appropriate place, it muddies
the waters
2002 Jan 31
7
x509 for hostkeys.
This (very quick) patch allows you to connect with the commercial
ssh.com windows client and use x509 certs for hostkeys. You have
to import your CA cert (ca.crt) in the windows client and certify
your hostkey:
$ cat << 'EOF' > x509v3.cnf
CERTPATHLEN = 1
CERTUSAGE = digitalSignature,keyCertSign
CERTIP = 0.0.0.0
[x509v3_CA]
2017 Nov 24
1
SSL configuration
Hello subscribers,
I have a very strange question regarding SSL setup on gluster storage.
I have created a common CA and signed certificates for my gluster nodes, placed the host certificate, key and common CA certificate into /etc/ssl/,
and created a file called secure-access in /var/lib/glusterd/.
Then I start glusterd on all nodes, the system works fine, and with peer status I see all of my nodes.
No problem.
2008 Feb 13
1
Openssh + x509 patch problem
Hi all,
I'm trying to install ssh server based on x509 certificates with no
result. What I've done is the following:
- Build openssh4.7p1 after patching with openssh-4.7p1+x509-6.1.diff.gz
without error using ./configure --prefix=/opt/ssh && make && make
install in both server and client machines
- Create minimal openssl ca structure under /opt/ssh/etc/ca
( self
2008 Jan 14
0
Regarding the "X509v3 Certificates" patch
Dear List,
Regarding the "X509v3 Certificates" patch ... (See links below)
- http://marc.info/?l=openssh-unix-dev&m=110976923021961&w=2
- http://marc.info/?l=openssh-unix-dev&m=110973268111830&w=2
- http://roumenpetrov.info/openssh
How would I apply this patch to the OpenSSH currently in FreeBSD(.org) and/or PC-BSD(.org)??
Please CC: me on the reply because I
2008 Jan 16
4
x509 patch for SSH
Hi guys,
been trying the x509 patch for ssh from Roumen, it works great.
However, I can't figure out couple of things, and been trying to solve
it for couple of days already.
I'm using OpenSSH_4.7p1-hpn12v19, OpenSSL 0.9.8g
with 6.1 version of your patch.
The serverside hostkey is configured correctly, to present x509v3-sign-rsa
dynowork
2012 Mar 10
2
X509v3 Subject Alternative Name in puppet generated certs...
I'm trying to split out my certificate authority and have one CA and
multiple masters, currently using round robin DNS, possibly using
HAproxy later.
Got most of the way there but tangled up in names and certificates.
When the Puppet CA generated its certificate the PTR record for its
IP pointed back to its domain name ("henson") and it had a CNAME
2004 Apr 13
1
Patch Status
When is the x.509 patch going to become part of the main
distribution of OpenSSH, and if not, why? Looks like other
projects i.e. OpenSC might be using it now as well.
Secondly, thought I'd try it again, new patch
(Validator), same error...
TIA,
cs
########################
# ssh-x509 Unknown Public Key Type
########################
1 Installed OpenSSL-0.9.7d (no customization)
2
2012 Jan 15
0
X.509 certificate integration continue with PKCS11 and FIPS capable OpenSSL
Hello list members,
I would like to inform that version 7.1 of X.509 certificate support) is
ready.
The just published update from "Integration" series offers direct support
of X.509 certificates based on RSA keys from PKCS11 module. Another
integration update is that now you could use FIPS capable OpenSSL
library in FIPS mode.
As result of above mentioned features
2016 Mar 02
6
[Bug 2547] New: ssh-ext-info: missing server signature algorithms
https://bugzilla.mindrot.org/show_bug.cgi?id=2547
Bug ID: 2547
Summary: ssh-ext-info: missing server signature algorithms
Product: Portable OpenSSH
Version: 7.2p1
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P5
Component: sshd
Assignee: unassigned-bugs at
2010 Oct 30
2
x509 cert chain
Hi,
I am trying to set up OpenSSH with x509 certs and I'm getting nowhere. I've
been at this on and off for days and doing all the googling I can but I'm
still not making progress so any help would be very much appreciated. I
believe the latest OpenSSH builds support x509 certificates - I'm running
5.5 on Ubuntu 10.04.
What I want to do is have users on Windows boxes using
2004 Apr 07
0
Announce: X.509 certificates support in OpenSSH(version h-Validator)
I'm pleased to announce that the version "h"(code-name Validator) of
"X.509 certificates support in OpenSSH" is now available for immediate
download at http://roumenpetrov.info/openssh.
Features:
* "x509v3-sign-rsa" and "x509v3-sign-dss" public key algorithms
* certificate verification
* certificate validation
o CRL
o OCSP (optional and
2004 Aug 19
0
Announce: X.509 certificates support in OpenSSH-3.9p1
Hi All,
Diffs of "X.509v3 certificates support for OpenSSH" versions
g4(Compatibility) and h(Validator) for OpenSSH-3.9p1 are ready for
download.
Please visit "http://roumenpetrov.info/openssh" for more information.
Features:
* "x509v3-sign-rsa" and "x509v3-sign-dss" public key algorithms
* certificate verification
* certificate validation
o CRL
o
2007 Feb 22
3
3.0.4-1 domU start problem
Hello,
I made upgrade from 3.0.2-2 to 3.0.4-1.
I can't start more than one domU concurrently.
for example:
I had 3 domUs called www1, www2, www3.
I can start www1 and it works fine. Next I start www2 and server
go immediately for reboot.
I can start www2 and it works fine. Next I start www3 and server go for reboot.
...
What's happened in 3.0.4-1 ?
Thanks
Dusan
2008 Feb 20
4
OpenSSH and X.509 Certificate Support
Hi,
I need to add X.509 Certificate support to OpenSSH.
I came across the following post on the openssh-unix-dev mailing list
that is very useful:
http://marc.info/?l=openssh-unix-dev&m=120298135706959&w=2
And also, http://marc.info/?l=openssh-unix-dev&m=104395024824680&w=2
2008 Mar 13
0
[Fwd: Re: OpenSSH and X.509 Certificate Support]
Hi Roumen,
I discovered that the need of appending the .pub part of id_rsa(client
key+cert) on the server can be eliminated by adding the Certificate Blob
to authorized_keys which could look something like this:
x509v3-sign-rsa subject=
/C=FR/ST=PARIS/L=DESEl/O=SSL/OU=VLSI/CN=10.244.82.83/emailAddress=client at company.com
This is extracted from the client certificate using openssl as
2002 Nov 21
0
x509v3 certificates in OpenSSH
New version "x509e" is out on http://satva.skalasoft.com/~rumen/openssh/ .
Now OpenSSH (client and server) can use x509 certificates for hostkeys too.
Try it and give to forum (preferred) feedbacks, comments, suggestions, etc.
2006 Jan 22
0
Announce: X.509 certificates support in OpenSSH (version 5.3 from "Validator" series)
Hi All,
The version 5.3 of "X.509 certificates support in OpenSSH" is published.
This version adds preliminary support for "x509v3-sign-rsa-sha1"
and "x509v3-sign-dss-sha1" key type names in conformance with
"draft-ietf-secsh-x509-02.txt" and extends "x509v3-sign-dss"
key type with signatures in "ssh-dss" format.
More details on page
2003 Dec 05
1
TLS: hostname doesn't match CN??
Hi,
I'm configuring Samba 3.0 to store users in ldap server.
I've configured openldap 2.1 with SSL and it worked properly with ldap
commands but when
I try using the smbpasswd command it reports me the error:
failed to bind to server with dn= cn=Manager,dc=openwired,dc=net Error:
Can't contact LDAP server
TLS: hostname does not match CN in peer certificate
Connection to