similar to: Openssh + x509 patch problem

When is the x.509 patch going to become part of the main distribution of OpenSSH, and if not, why? Looks like other projects i.e. OpenSC might be using it now as well. Secondly, thought I'd try it again, new patch (Validator), same error... TIA, cs ######################## # ssh-x509 Unknown Public Key Type ######################## 1 Installed OpenSSL-0.9.7d (no customization) 2

Hello list members, I would like to inform that version 7.1 of X.509 certificate support) is ready. The just published update from "Integration" series offer direct support of X.509 certificates based on RSA keys from PKCS11module. Another integration update is that now you could you use FIPS capable OpenSSL library in FIPS mode. As result of above mentioned features

Hi, I am trying to set up OpenSSH with x509 certs and I'm getting nowhere. I've been at this on and off for days and doing all the googling I can but I'm still not making progress so any help would be very much appreciated. I believe the latest OpenSSH builds support x509 certificates - I'm running 5.5 on Ubuntu 10.04. What I want to do is have users on Windows boxes using

Hi all, Does anyone know if it exists a patch for OpenSSH for Windows to allow authentication through certificates? Is it possible to make one if it doesn't exists? Using OpenSSH for Windows 3.8p1-1 20040709 Build. I know there is Roumen Petrov patch, but is for unix machines if i'm not mistaken. I need a similar one for Windows that work with the Roumen Petrov patch so i can have

This (very quick) patch allows you to connect with the commercial ssh.com windows client and use x509 certs for hostkeys. You have to import your CA cert (ca.crt) in the windows client and certify your hostkey: $ cat << 'EOF' > x509v3.cnf CERTPATHLEN = 1 CERTUSAGE = digitalSignature,keyCertSign CERTIP = 0.0.0.0 [x509v3_CA]

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi guys, been trying the x509 patch for ssh from Roumen, it works great. However, I can't figure out couple of things, and been trying to solve it for couple of days already. I'am using OpenSSH_4.7p1-hpn12v19, OpenSSL 0.9.8g with 6.1 version of your patch. The serverside hostkey is configured correctly, to present x509v3-sign-rsa dynowork

Hello, I would like to know whether OpenSSH supports x509 certificate based authentication. It looks like OpenSSH has dependency on OpenSSL so does this mean that OpeSSH also supports x509 certificate based authentication. If it does support, can you please point me to the necessary documentation. Thanks Naitik

Hi, I need to add X.509 Certificate support to OpenSSH. I came across the following post on the openssh-unix-dev mailing list that is very useful: http://marc.info/?l=openssh-unix-dev&m=120298135706959&w=2 <http://marc.info/?l=openssh-unix-dev&m=120298135706959&w=2> And also, http://marc.info/?l=openssh-unix-dev&m=104395024824680&w=2

Hello, If one passes the -p option for a non-standard port to ssh-keyscan when using the -f option to pull hosts from a file, it results in a known_hosts entry that is incorrect: micah at muck$ cat /tmp/try 199.254.238.47 micah.riseup.net,199.254.238.47 ssh-keyscan -t rsa -p 4422 -f /tmp/try > /tmp/known micah at muck$ cat /tmp/known [micah.riseup.net,199.254.238.47]:4422 ssh-rsa

Hi all, i've installed the a new pwlib (1.5.0) / oh323lib (1.12.0) on my *. Then i've installed the new chan_oh323 (0.5.6). when i try to make a call with "netmeeting" through * ( * dial out with "Dial,OH323/${EXTEN}@xx.xxx.xxx.xx" ) the call will be blocked. Before, there was chan_oh323 0.5.5 and pwlib(1.4.11) and openh323(1.11.7) installed, and it worked. Is here

Hi all, I am compiling the OpenSSH4.7p1 on hp-ux PA11.23 system, however, it gives the following bug: cc +DD64 -I. -I. -I../include/openssl -I../include/tcpwrap -I../include/zlib -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1 -I/usr/local/include -I../include/gssapi -DSSHDIR=\"/opt/ssh/etc\" -D_PATH_SSH_PROGRAM=\"/opt/ssh/bin/ssh\"

hi I''m trying to get ipsec working with x509 certificates however I just can''t seem to. I''ve hit a road block and was wondering if someone could help me figure it out. my racoon.conf (I have it mirrored on the connecting machine. path pre_shared_key "/etc/racoon/psk.txt"; path certificate "/etc/certs"; remote anonymous { exchange_mode

I am just finished support for x509 certificate. More information on this page: http://satva.skalasoft.com/~rumen/openssh/

Hi, I have made new small patch. He use X509 certificate to authenticate users. This patch use some features which are coded by Eric Auge (see ldap patch http://ldappubkey.gcu-squad.org/). You could find the patch on http://traceroute.free.fr/articles.php?id=24 regards, Fred.

First the bug: I've found a timing problem in 2.1.1p1 at the point where the client version string is read, a core dump with a "Did not receive ident string..." error. This problem does not appear to have been mentioned yet in the list archive. This bug was noted on HP-UX 11.0 but could be a problem on other Unices as well. My Q&D fix (patch below) was to spin on EWOULDBLOCK

Hi All, Please visit http://satva.skalasoft.com/~rumen/openssh/ to get new version with support for x509 certificate. - added authorization by 'Distinguished Name'; - added x509 CA store (new options in sshd_config); - client certificate is verified against CA certificates in x509 store; - added shell scripts to create 'Test CA' and test client certificates. Diffs aviable for

Hello, I have the following problem: I want to use publickey authentication by using the publickey of a x509 certificate stored on a java card. I can already extract the publickey of the certificate and write it into a file. The problem i have is that i don't know how to convert the certificate's publickey into an rsa publickey format that openssh will accept. Does anybody have a

Hello, I have paid attention to the issue about the X509-based certificate support in standard openssh. Because I also need the support of X509-based certificates in my project, and also I have developed specific version of openssh to pass the proxy certificate from client to server. But I used the PAM module to verify the proxy and authorize the accessors. I wonder whether current support in

Hello all, About PKCS11, some provider allows only the use of X509 certificate. Are there plans to add the ability to extract the public key from certificates when there is no public key? Thank you Sincerely, Laurent

Hi Everyone, I'd like to ask a question about libvirt xml config. I am using kvm with tls certification. For some reason I need to specify a unique certificate file for every instance, so my kvm command would be like: /usr/libexec/qemu-kvm -spice port=5900,tls-port=5901,addr=0.0.0.0,disable-ticketing,x509-dir=/openstack/etc/pki/libvirt-spice the argument