certificate in openssh
maf at appgate.com
Thu Jan 9 18:13:55 EST 2003
On 6 Jan, venki wrote:
> we have been looking for ways to implement digital certificate authentication
> in openssh. Pointers to similar kind of ongoing work will be more
> appreciated. Thanks.
We have implemented it in our product which among other things uses
openssh. Unfortunately I cannot share any meaningful code since it
relies heavily on other parts of our infrastructure. But I should at
least be able to answer questions about it.

But it is relatively straightforward to implement. x509v3-sign-rsa and
x509v3-sign-dss are defined public key algorithm names. The most
interesting decision is how to determine if a given certificate gives
access to a certain account. The easiest solution is to use something
like the authorized_keys file, but other more interesting solutions are
possible.
/MaF
--
Martin Forssen <maf at appgate.com> Development Manager
Phone: +46 31 7744361 AppGate Network Security AB
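
The authorized_keys-style mapping mentioned in the reply above, sketched as an added example (not code from the original post, AppGate, or OpenSSH). The per-account file format, the choice to pin certificates by the SHA-256 fingerprint of their DER encoding, and all function names are assumptions; certificate chain and signature validation are assumed to happen before this step.

```python
import hashlib
import hmac

# Public key algorithm names taken from the post above.
X509_ALGOS = {"x509v3-sign-rsa", "x509v3-sign-dss"}


def cert_fingerprint(cert_der: bytes) -> str:
    """SHA-256 over the certificate's DER encoding, lowercase hex."""
    return hashlib.sha256(cert_der).hexdigest()


def is_authorized(algo: str, cert_der: bytes, authorized_text: str) -> bool:
    """Return True if (algo, certificate) is listed for the account.

    authorized_text is the content of a hypothetical per-account file,
    one entry per line: "<algorithm> <sha256-hex> [comment]".
    This is only the account-mapping step; the caller must already have
    validated the certificate chain and the client's signature.
    """
    if algo not in X509_ALGOS:
        return False
    presented = cert_fingerprint(cert_der).encode()
    allowed = False
    for line in authorized_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 2)
        if len(fields) < 2 or fields[0] not in X509_ALGOS:
            continue  # malformed or unrelated entry: ignore, never grant
        listed = fields[1].lower().encode()
        # Constant-time comparison; keep scanning instead of returning early.
        if fields[0] == algo and hmac.compare_digest(listed, presented):
            allowed = True
    return allowed


# Constructed sample data: placeholder bytes standing in for DER certificates.
ALICE_CERT = b"constructed-der-bytes-for-alice"
OTHER_CERT = b"constructed-der-bytes-for-someone-else"
SAMPLE_FILE = (
    "# certificates allowed to log in to this account\n"
    f"x509v3-sign-rsa {cert_fingerprint(ALICE_CERT).upper()} alice laptop\n"
    "x509v3-sign-dss not-a-fingerprint broken entry\n"
)
```

Pinning individual certificates this way means every reissued certificate needs a new entry; matching on a validated subject name instead trades that maintenance for trust in the issuing CA.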