OpenSSH and X.509 Certificate Support

Roumen Petrov openssh at roumenpetrov.info
Fri Feb 22 07:10:12 EST 2008


sankalp_karpe wrote:
> Hi Roumen,
>
> I could successfully add X.509 Certificate support to OpenSSH.
> [SKIP]
>   

> *ISSUES faced:*
>
> The following commands did not execute and gave errors:
>
> (a) /opt/ssh/bin/ssh -vvv -f /opt/ssh/etc/ssh_config -d -d -d myuser@myserver
>
> OpenSSH_4.7p1, OpenSSL 0.9.8b 04 May 2006
> ssh: illegal option -- d
> usage: ssh [-1246AaCfgKkMNnqsTtVvXxY] [-b bind_address] [-c cipher_spec]
>            [-D [bind_address:]port] [-e escape_char] [-F configfile]
>            [-i identity_file] [-L [bind_address:]port:host:hostport]
>            [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]
>            [-R [bind_address:]port:host:hostport] [-S ctl_path]
>            [-w local_tun[:remote_tun]] [user@]hostname [command]
>   
Yes, expected. The option -d is not in vanilla.
Vanilla OpenSSH uses -v as verbose mode for the client and -d as debug mode
for the daemon (server).

What is the ssh option -d on the RedHat distribution?


> (b) /opt/ssh/bin/ssh -vvv -f /opt/ssh/etc/ssh_config myuser@myserver
>
> OpenSSH_4.7p1, OpenSSL 0.9.8b 04 May 2006
> debug1: Reading configuration data /opt/ssh//etc/ssh_config
> debug2: hash dir '/root/.ssh/crt' added to x509 store
> debug2: file '/root/.ssh/ca-cert.pem' added to x509 store
> debug2: hash dir '/root/.ssh/crl' added to x509 revocation store
> debug2: hash dir '/opt/ssh//etc/ca/crt' added to x509 store
> debug2: hash dir '/opt/ssh//etc/ca/crl' added to x509 revocation store
> debug1: ssh_set_validator: ignore responder url
> debug2: ssh_connect: needpriv 0
> ssh: /opt/ssh/etc/ssh_config: Name or service not known
>   
Sorry, but the OpenSSH -f option is not so consistent with other programs.
Usually -f is for a file in many applications, but not in OpenSSH.
OpenSSH is inconsistent and the option is: -F config_file.
Option -f "requests ssh to go to background just before command
execution."
So the client tries to connect to host "/opt/ssh/etc/ssh_config" and to
execute the command "myuser@myserver".

On RedHat, is option -f followed by a config file?

> [SNIP]

Sorry, but the reported issues are not related to X.509 certificate support.

Roumen


