Jay Libove libove at
Wed Feb 25 00:58:46 EST 2004

Several people answered about the X.509 integration patches for OpenSSH.

I wonder, do the policy changes affecting Greg require integration with
a specific external PKI (e.g. MS, Verisign, Entrust), or would those
policy changes be satisfied by simply using asymmetric cryptography,
which is built right in to OpenSSH's ability to perform (require)
authentication by pre-shared public / private key pairs?


-----Original Message-----
From: at
[ at] On
Behalf Of Gregory Seidman
Sent: Monday, February 23, 2004 5:23 PM
To: OpenSSH development list
Subject: PKI and SSH

Due to unpleasant (but arguably valid) policy changes at work, any SSH
server within the work firewall must accept only PKI authentication.
Unless we can convince the higher-ups otherwise, we will also have to
use the commercial SSH server within the firewall. Of course, I should
be able to use whatever client I like. Unfortunately, it is not clear
that I can get OpenSSH to use PKI authentication. A bit of googling
turns up a patch, but nothing too certain or clear. Does OpenSSH support
PKI authentication? If so, how do I use it?


openssh-unix-dev mailing list
openssh-unix-dev at

More information about the openssh-unix-dev mailing list