secureid and CA

Carson Gaspar carson at taltos.org
Thu Jul 4 13:03:55 EST 2002


--On Thursday, July 04, 2002 3:26 AM +0200 "PostMaster @ I.O. Ltd." 
<insideout at barak.net.il> wrote:

> Hello to all the Great "crypto" People (... my first time in this list ..)
> I'm trying to compile openSSH-3.4p1 with the SecureID patch taken from:
> http://www.omniti.com/~jesus/projects/openssh-3.4p1+SecurID_v1.patch
> I'm having trouble to compile the patched openSSH over the Cygwin
> platform. this is probably since there is no cygwin SecureID agent
> available , so i'm using the linux one (Redhat).
> does anyone has a solution ?

No. There is no solution, unless RSA provides SecurID libraries for Cygwin. 
Which I don't see happening anytime soon.

> the aim of all this is to build a BUILT-IN feature in openssh to have auth
> option via some kind of
> a certification authority CA (like ace server).
> that way regardless of the platform (and the local users and so on) ,
> it will be possible to auth to the ssh spereaded around in our network.

The ACE server has _nothing_ to do with a CA. It does no public key crypto 
at all. It just does DES. It also has an "interesting" way of transmitting 
the shared secret (although rumour has it the current rev fixed that).

-- 
Carson





More information about the openssh-unix-dev mailing list