Support for RFC6187

Damien Miller djm at
Fri May 5 10:02:59 AEST 2017

On Thu, 4 May 2017, Edgar Zaiser wrote:

> Hello,
> I was wondering if there?s any reason why openssh is not supporting server
> authentication using ?x509v3-rsa2048-sha256? which is defined in RFC6187?
> Since it is recommended by the official document in Germany, namely
> ?BSI-TR-02102-4?, maybe it?s worth going for it?


We consider X.509 too complex a format to support. It dramatically
multiplies attack surface, especially in the crucial pre-authentication
phase of the protocol.

There are third-party patches to add X.509 to OpenSSH:

Alternately, OpenSSH supports a much simpler certificate format that
achieves much the same result. There are a few guides and quite a few
third-party tools to manage these (e.g. CAs).

Damien Miller

More information about the openssh-unix-dev mailing list