Displaying 20 results from an estimated 500 matches similar to: "OpenSSH and X.509 Certificate Support"
2008 Mar 13
0
[Fwd: Re: OpenSSH and X.509 Certificate Support]
Hi Roumen,
I discovered that the need of appending the .pub part of id_rsa(client
key+cert) on the server can be eliminated by adding the Certificate Blob
to authorized_keys which could look something like this:
x509v3-sign-rsa subject=
/C=FR/ST=PARIS/L=DESEl/O=SSL/OU=VLSI/CN=10.244.82.83/emailAddress=client at company.com
This is extracted from the client certificate using openssl as
2008 Jan 16
4
x509 patch for SSH
Hi guys,
been trying the x509 patch for ssh from Roumen, it works great.
However, I can't figure out couple of things, and been trying to solve
it for couple of days already.
I'm using OpenSSH_4.7p1-hpn12v19, OpenSSL 0.9.8g
with 6.1 version of your patch.
The serverside hostkey is configured correctly, to present x509v3-sign-rsa
dynowork
2012 May 25
2
Announce: X.509 certificates support v7.2 for OpenSSH version 6.0p1
Dear All,
X.509 certificates support for OpenSSH version 6.0p1 was published.
In brief, the new version includes:
- support for Android platform;
- engine implementation is now considered stable;
- various regression test improvements including fixes for OpenSSL FIPS
enabled 1.0.1 stable release and korn shell
Yours sincerely,
Roumen Petrov
--
Get X.509 certificates support in OpenSSH:
2008 Feb 13
1
Openssh + x509 patch problem
Hi all,
I'm trying to install ssh server based on x509 certificates with no
result. What I've done is the following:
- Build openssh4.7p1 after patching with openssh-4.7p1+x509-6.1.diff.gz
without error using ./configure --prefix=/opt/ssh && make && make
install in both server and client machines
- Create minimal openssl ca structure under /opt/ssh/etc/ca
( self
2004 Jul 15
1
I ask about a openSSH
Hello,
Since which version of OPENSSH the authentication by certificates x509V3
accepts.
Thank you,
2006 Sep 30
1
Announce: X.509 certificates support version 5.5.1 in OpenSSH 4.4p1
Hi All,
The version 5.5.1 of "X.509 certificates support in OpenSSH" is ready for download.
On download page http://roumenpetrov.info.localhost/openssh/download.html#get_-5.5.1
you can find diff for OpenSSH versions 4.4p1.
What's new:
* specific diff of 5.5 for OpenSSH 4.4p1
Because of OpenSSH source code changes, like include statements and new server
option
2011 Sep 08
2
Announce: X.509 certificates support v7.0 for OpenSSH version 5.9p1
Hi All,
Version 7.0 of "X.509 certificates support in OpenSSH" is ready for
immediate download.
This version allows the client to use certificates and keys stored on
external devices. The implementation is based on openssl dynamic engines.
For instance E_NSS engine ( http://developer.berlios.de/projects/enss )
will allow you to use certificates and keys from Firefox, SeaMonkey,
2006 Apr 27
0
Announce: X.509 certificates support in OpenSSH version 5.4
Hi All,
The version 5.4 of "X.509 certificates support in OpenSSH" is ready for download.
On download page http://roumenpetrov.info.localhost/openssh/download.html#get_-5.4
you can find diffs for OpenSSH versions 4.2p1 and 4.3p2.
What's new:
* given up support for "x509v3-sign-rsa-sha1" and "x509v3-sign-dss-sha1"
The implementation realised in previous
2012 Jan 15
0
X.509 certificate integration continue with PKCS11 and FIPS capable OpenSSL
Hello list members,
I would like to inform that version 7.1 of X.509 certificate support is
ready.
The just published update from "Integration" series offers direct support
of X.509 certificates based on RSA keys from PKCS11 module. Another
integration update is that now you could use FIPS capable OpenSSL
library in FIPS mode.
As result of above mentioned features
2017 Nov 24
1
SSL configuration
Hello subscribers,
I have a very strange question regarding SSL setup on gluster storage.
I have created a common CA and signed certificates for my gluster nodes, placed host certificate, key and common CA certificate into /etc/ssl/,
created a file called secure-access in /var/lib/glusterd/
Then, I start glusterd on all nodes, the system works fine, I see with peer status all of my nodes.
No problem.
2004 Apr 07
0
Announce: X.509 certificates support in OpenSSH(version h-Validator)
I'm pleased to announce that the version "h"(code-name Validator) of
"X.509 certificates support in OpenSSH" is now available for immediate
download at http://roumenpetrov.info/openssh.
Features:
* "x509v3-sign-rsa" and "x509v3-sign-dss" public key algorithms
* certificate verification
* certificate validation
o CRL
o OCSP (optional and
2004 Aug 19
0
Announce: X.509 certificates support in OpenSSH-3.9p1
Hi All,
Diffs of "X.509v3 certificates support for OpenSSH" versions
g4(Compatibility) and h(Validator) for OpenSSH-3.9p1 are ready for
download.
Please visit "http://roumenpetrov.info/openssh" for more information.
Features:
* "x509v3-sign-rsa" and "x509v3-sign-dss" public key algorithms
* certificate verification
* certificate validation
o CRL
o
2006 Jan 22
0
Announce: X.509 certificates support in OpenSSH (version 5.3 from "Validator" series)
Hi All,
The version 5.3 of "X.509 certificates support in OpenSSH" is published.
This version adds preliminary support for "x509v3-sign-rsa-sha1"
and "x509v3-sign-dss-sha1" key type names in conformance with
"draft-ietf-secsh-x509-02.txt" and extends "x509v3-sign-dss"
key type with signatures in "ssh-dss" format.
More details on page
2018 May 25
4
Suggestion: Deprecate SSH certificates and move to X.509 certificates
I suggest deprecating proprietary SSH certificates and move to X.509
certificates. The reasons why I suggest this change are: X.509
certificates are the standard on the web, SSH certificates provide no
way to revoke compromised certificates, and SSH certificates haven't
seen significant adoption, It's also a bad idea to roll your own
crypto, and own certificate format seems like an example
2002 Jan 31
7
x509 for hostkeys.
This (very quick) patch allows you to connect with the commercial
ssh.com windows client and use x509 certs for hostkeys. You have
to import your CA cert (ca.crt) in the windows client and certify
your hostkey:
$ cat << 'EOF' > x509v3.cnf
CERTPATHLEN = 1
CERTUSAGE = digitalSignature,keyCertSign
CERTIP = 0.0.0.0
[x509v3_CA]
2003 Jan 30
0
X.509 certificates support in OpenSSH - version f is ready
Hi all,
I have the pleasure to announce new version f of "X.509 certificates support in OpenSSH"
Please update your bookmarks/favorites with the new location:
http://roumenpetrov.info/openssh
Old location is available too:
http://satva.skalasoft.com/~rumen/openssh
What's new:
* support "Certificate Revocation Lists" (CRLs)
* ssh-keyscan can show hostkey with
2008 Mar 10
1
Benefits of OpenSSH X.509 over key based authentication?
Hi,
I have some observations regarding the X.509 patch developed by Roumen
Petrov for OpenSSH available at http://roumenpetrov.info/openssh/ , I don't
understand some things here like
1. When certificate based authentication of the client is desired,
shouldn't it be something like what mod_ssl does in Apache where u have a CA
certificate at the server, and then the client
2011 Feb 15
11
Puppetmasterd not receiving certificate request
Hi: I'm trying to configure Puppet on Ubuntu, and strangely I am never
able to generate a certificate because my server never shows any
pending certificate requests.
Put differently, on the server I am running puppetmasterd and on the
client I am able to connect to the server, but the client continues
printing
notice: Did not receive certificate
warning: peer certificate
2003 Jun 26
6
[Bug 605] make install don't create piddir
http://bugzilla.mindrot.org/show_bug.cgi?id=605
Summary: make install don't create piddir
Product: Portable OpenSSH
Version: -current
Platform: All
OS/Version: All
Status: NEW
Severity: enhancement
Priority: P2
Component: Build system
AssignedTo: openssh-bugs at mindrot.org
ReportedBy:
2007 Jul 29
38
[Bug 1346] New: PAM environment takes precedence over SendEnv
http://bugzilla.mindrot.org/show_bug.cgi?id=1346
Summary: PAM environment takes precedence over SendEnv
Product: Portable OpenSSH
Version: 4.6p1
Platform: All
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo: bitbucket at mindrot.org
ReportedBy: