similar to: x509 cert chain

Hi all, I'm trying to install ssh server based on x509 certificates with no result. What I've done is the following: - Build openssh4.7p1 after patching with openssh-4.7p1+x509-6.1.diff.gz without error using ./configure --prefix=/opt/ssh && make && make install in both server and client machines - Create minimal openssl ca structure under /opt/ssh/etc/ca ( self

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi guys, been trying the x509 patch for ssh from Roumen, it works great. However, I can't figure out couple of things, and been trying to solve it for couple of days already. I'am using OpenSSH_4.7p1-hpn12v19, OpenSSL 0.9.8g with 6.1 version of your patch. The serverside hostkey is configured correctly, to present x509v3-sign-rsa dynowork

Hi all, Does anyone know if it exists a patch for OpenSSH for Windows to allow authentication through certificates? Is it possible to make one if it doesn't exists? Using OpenSSH for Windows 3.8p1-1 20040709 Build. I know there is Roumen Petrov patch, but is for unix machines if i'm not mistaken. I need a similar one for Windows that work with the Roumen Petrov patch so i can have

Hello, I would like to know whether OpenSSH supports x509 certificate based authentication. It looks like OpenSSH has dependency on OpenSSL so does this mean that OpeSSH also supports x509 certificate based authentication. If it does support, can you please point me to the necessary documentation. Thanks Naitik

Hello, I have paid attention to the issue about the X509-based certificate support in standard openssh. Because I also need the support of X509-based certificates in my project, and also I have developed specific version of openssh to pass the proxy certificate from client to server. But I used the PAM module to verify the proxy and authorize the accessors. I wonder whether current support in

When is the x.509 patch going to become part of the main distribution of OpenSSH, and if not, why? Looks like other projects i.e. OpenSC might be using it now as well. Secondly, thought I'd try it again, new patch (Validator), same error... TIA, cs ######################## # ssh-x509 Unknown Public Key Type ######################## 1 Installed OpenSSL-0.9.7d (no customization) 2

This (very quick) patch allows you to connect with the commercial ssh.com windows client and use x509 certs for hostkeys. You have to import your CA cert (ca.crt) in the windows client and certify your hostkey: $ cat << 'EOF' > x509v3.cnf CERTPATHLEN = 1 CERTUSAGE = digitalSignature,keyCertSign CERTIP = 0.0.0.0 [x509v3_CA]

Dear All, X.509 certificates support for OpenSSH version 6.0p1 was published. I brief new version include : - support for Android platform; - engine implementation is now considered stable; - various regression test improvements including fixes for OpenSSL FIPS enabled 1.0.1 stable release and korn shell Yours sincerely, Roumen Petrov -- Get X.509 certificates support in OpenSSH:

Hi All, Version 7.0 of "X.509 certificates support in OpenSSH" is ready for immediate download. This version allow client to use certificates and keys stored into external devices. The implementation is based on openssl dynamic engines. For instance E_NSS engine ( http://developer.berlios.de/projects/enss ) will allow you to use certificates and keys from Firefox, SeaMonkey,

Hello, Since which version of OPENSSH the authentification by certificates x509V3 accepts. Thankyou, _________________________________________________________________ MSN Messenger : discutez en direct avec vos amis ! http://www.msn.fr/msger/default.asp

Hi Chris, On 18/10/2023 19:13, Chris Rapier wrote: > Do any of you have a wish list of things you'd like to see in ssh? get Roumen Petrovs pkissh implementation merged and maintained upstream I know this is a huge page with little chances to get accepted, but I'd like to mention this, because it has been on my personal wish list for a long time. Sure, I can install pkissh, but if

Hello everybody, I'll try to find out some info about Samba and a way to put x509 authenticate method but i don't find anything clear about it. I found in the how-to v3 some stuff about authenticate PAM module to use with samba but I don't know if I look in the right direction. I have a samba server running for a lots of time based on smbpass DB. We plan to use our PKI certs to

Hello everybody, I'll try to find out some info about Samba and a way to put x509 authenticate method but i don't find anything clear about it. I found in the how-to v3 some stuff about authenticate PAM module to use with samba but I don't know if I look in the right direction. I have a samba server running for a lots of time based on smbpass DB. We plan to use our PKI certs to

Hi, I need to add X.509 Certificate support to OpenSSH. I came across the following post on the openssh-unix-dev mailing list that is very useful: http://marc.info/?l=openssh-unix-dev&m=120298135706959&w=2 <http://marc.info/?l=openssh-unix-dev&m=120298135706959&w=2> And also, http://marc.info/?l=openssh-unix-dev&m=104395024824680&w=2

cc -g -I. -I. -I/opt/openssl-0.9.6c/include -I. -I/usr/local/include -DETCDIR=\"/opt/openssh-3.0.2p1-x509/etc\" -D_PATH_SSH_PROGRAM=\"/opt/openssh-3.0.2p1-x509/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/opt/openssh-3.0.2p1-x509/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/opt/openssh-3.0.2p1-x509/libexec/sftp-server\" -D_PATH_SSH_PIDDIR=\"/var/run\"

Hello, The version 0.11 of "PKCS#11 support in OpenSSH" is published. Changes: 1. Updated against OpenSSH 4.3p2. 2. Modified against Roumen Petrov's X.509 patch (version 5.4), so self-signed certificates are treated by the X.509 patch now. 3. Added --pkcs11-x509-force-ssh if X.509 patch applied, until some issues with the X.509 patch are resolved. 4. Fixed issues with gcc-2. You

Hi there, As of Dovecot 2.2.9, it's possible to enable passwordless authentication using client certificates [1]: ssl_ca = </etc/ssl/ca.pem ssl_verify_client_cert = yes auth_ssl_username_from_cert = yes (Password checking can be bypassed by returning the extra fields ?password= nopassword? in the passdb when the variable ?%k? expands to "valid".) However this

Hi Everyone, I'd like to ask a question about libvirt xml config. I am using kvm with tls certification. For some reason I need to specify a unique certificate file for every instance, so my kvm command would be like: /usr/libexec/qemu-kvm -spice port=5900,tls-port=5901,addr=0.0.0.0,disable-ticketing,x509-dir=/openstack/etc/pki/libvirt-spice the argument

Hello, I have the following problem: I want to use publickey authentication by using the publickey of a x509 certificate stored on a java card. I can already extract the publickey of the certificate and write it into a file. The problem i have is that i don't know how to convert the certificate's publickey into an rsa publickey format that openssh will accept. Does anybody have a

Hello OpenSSH developers, A week ago I've posted a patch that enables openssh to work with PKCS#11 tokens. I didn't receive any comments regarding the patch or reply to my questions. In current software world, providing a security product that does not support standard interface for external cryptographic hardware makes the product obsolete. Please comment my patch, so I can know