similar to: Regarding the "X509v3 Certificates" patch

Hi All, The version 5.4 of "X.509 certificates support in OpenSSH" is ready for download. On download page http://roumenpetrov.info.localhost/openssh/download.html#get_-5.4 you can found diffs for OpenSSH versions 4.2p1 and 4.3p2. What's new: * given up support for "x509v3-sign-rsa-sha1" and "x509v3-sign-dss-sha1" The implementation realised in previous

I'm pleased to announce that the version "h"(code-name Validator) of "X.509 certificates support in OpenSSH" is now available for immediate download at http://roumenpetrov.info/openssh. Features: * "x509v3-sign-rsa" and "x509v3-sign-dss" public key algorithms * certificate verification * certificate validation o CRL o OCSP (optional and

Hi All, Diffs of "X.509v3 certificates support for OpenSSH" versions g4(Compatibility) and h(Validator) for OpenSSH-3.9p1 are ready for download. Please visit "http://roumenpetrov.info/openssh" for more information. Features: * "x509v3-sign-rsa" and "x509v3-sign-dss" public key algorithms * certificate verification * certificate validation o CRL o

Hi Roumen, I discovered that the need of appending the .pub part of id_rsa(client key+cert) on the server can be eliminated by adding the Certificate Blob to authorized_keys which could look something like this: x509v3-sign-rsa subject= /C=FR/ST=PARIS/L=DESEl/O=SSL/OU=VLSI/CN=10.244.82.83/emailAddress=client at company.com This is extracted from the client certificate using openssl as

Hi All, The version 5.3 of "X.509 certificates support in OpenSSH" is published. This version adds preliminary support for "x509v3-sign-rsa-sha1" and "x509v3-sign-dss-sha1" key type names in conformance with "draft-ietf-secsh-x509-02.txt" and extends "x509v3-sign-dss key type with signatures in "ssh-dss" format. More details on page

Hi all, I have pleasure to announce new version f of "X.509 certificates support in OpenSSH" Please to update your bookmarks/favorites with new location: http://roumenpetrov.info/openssh Old location is available too: http://satva.skalasoft.com/~rumen/openssh What's new: * support "Certificate Revocation Lists" (CRLs) * ssh-keyscan can show hostkey with

Hi, I need to add X.509 Certificate support to OpenSSH. I came across the following post on the openssh-unix-dev mailing list that is very useful: http://marc.info/?l=openssh-unix-dev&m=120298135706959&w=2 <http://marc.info/?l=openssh-unix-dev&m=120298135706959&w=2> And also, http://marc.info/?l=openssh-unix-dev&m=104395024824680&w=2

Hello list members, I would like to inform that version 7.1 of X.509 certificate support) is ready. The just published update from "Integration" series offer direct support of X.509 certificates based on RSA keys from PKCS11module. Another integration update is that now you could you use FIPS capable OpenSSL library in FIPS mode. As result of above mentioned features

Dear List... I have a similar question to the one that is copied below. I am trying to get instructions for configuring OpenSSH to use PKI based authentication. I understand that I can provide the server with the public keys of the client machines to get this working (one way) but the next step is where I would like to go... I want SSHD to authenticate my users based upon the "Root

New version "x509e" is out on http://satva.skalasoft.com/~rumen/openssh/ . Now OpenSSH (client and server) can use x509 certificates for hostkeys too. Try it and give to forum (prefered) feedbacks, comments, suggestions, etc.

Dear All, X.509 certificates support for OpenSSH version 6.0p1 was published. I brief new version include : - support for Android platform; - engine implementation is now considered stable; - various regression test improvements including fixes for OpenSSL FIPS enabled 1.0.1 stable release and korn shell Yours sincerely, Roumen Petrov -- Get X.509 certificates support in OpenSSH:

Hello, I would like to use Public Key authentication with OpenSSH. I am trying to use a public / private key set created using CA.pl. http://www.openssl.org/docs/apps/CA.pl.html I am not sure but I think my OpenSSL keys will not work until some conversion takes place. I was able to get them working between Windows (Putty.EXE) and my SSHD server but PuttyGen.EXE converted the public keys

Hi All, The version 5.5.1 of "X.509 certificates support in OpenSSH" is ready for download. On download page http://roumenpetrov.info.localhost/openssh/download.html#get_-5.5.1 you can found diff for OpenSSH versions 4.4p1. What's new: * specific diff of 5.5 for OpenSSH 4.4p1 Because of OpenSSH source code changes, like include statements and new server option

I''m trying to split out my certificate authority and have one CA and multiple masters, currently using round robin DNS, possibly using HAproxy later. Got most of the way there but tangled up in names and certificates. When the Puppet CA generated it''s certificate the PTR record for it''s IP pointed back to it''s domain name ("henson") and it had a CNAME

Hello all, lately i am facing problems with Certification Authorities. I have used centos script /etc/pki/tls/misc/CA my own certificate authority. In next steps i am generating requests for certificates to services such as LDAP,NNRPD and lately signing requests with CA. My approach is to import my own CA into Windows Vista OS as root CA and trusted, to avoid messages in clients such as

Today, I released a new version of "X.509 certificates support in OpenSSH" ( http://roumenpetrov.info/openssh/ ). Version 6.0 add following enhancements: - Printable X.509 name attributes compared in UTF-8 Printable attributes are converted to utf-8 before to compare. This allow distinguished name in "authorized keys" file to be in UTF-8. - "Distinguished Name"

Hi All, The version 6.1 of "X.509 certificates support in OpenSSH" is ready for download. On page http://www.roumenpetrov.info/openssh/download.html you can found diffs for OpenSSH versions 4.5p1,4.6p1 and 4.7p1. Details ( from http://www.roumenpetrov.info/openssh ): * distinguished name compare bug(security): The bug affect versions 6.0 and 6.0.1 only. The work around is to

I've seen a variety of patches on the list for supporting the x509v3 certificate authentication. Are there any plans to include any of these in the official openssh? Thanks, Kevin Stefanik

Hi All, Version 7.0 of "X.509 certificates support in OpenSSH" is ready for immediate download. This version allow client to use certificates and keys stored into external devices. The implementation is based on openssl dynamic engines. For instance E_NSS engine ( http://developer.berlios.de/projects/enss ) will allow you to use certificates and keys from Firefox, SeaMonkey,

Dear "someone who can help", I am having a problem with SAMBA and SWAT (although I'm not sure SWAT is part of the problem...) I get two instances of "smbd" when ever it is started on this system. From SWAT I can only stop it ONE time. After that, each time I attempt to stop the SMBD daemon from SWAT it simply starts TWO more instances of the daemon (or something