[aklug] X.509 and SSH certificates

From: Christopher Howard <ch.howard@zoho.com>
Date: Sat Nov 12 2016 - 21:10:30 AKST

Hi list. I'm trying to set up SSH host authentication via certificates.
My original idea was that I wanted the SSH host key to be signed by
the private key for the X.509 CA certificate I had created previously for
use on my local network. (I wanted the SSH authentication to integrate
into my existing certificate tree.) However, I ran into some confusion
because SSH uses a different certificate format, it seems. Despite
this, I was able to use ssh-keygen to create an SSH host certificate
which was signed by the aforementioned private key. Furthermore, I can
tell through verbose logging that sshd is in fact delivering the host
certificate to the client.

However, the client cannot accept the host certificate, because it
does not have the CA certificate on file. I tried to treat the CA
Certificate PEM file like an ssh identity file (-i option) but the ssh
client would not accept it (type -1 error).

Short version: Can I convert an X.509 CA Certificate into a format
usable by the SSH client, or do I need to create a new certificate just for
use with SSH?

-- 
https://qlfiles.net
My PGP public key ID is 0x340EA95A (pgp.mit.edu).
Received on Sat Nov 12 21:11:01 2016
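
Added example, not part of the original post: an OpenSSH client trusts a CA through a bare public key on a `@cert-authority` line in known_hosts, so the X.509 certificate itself is not needed, only the key inside it. The function below extracts that key with `openssl x509 -pubkey` and re-encodes it with `ssh-keygen -i -m PKCS8`; it assumes an RSA CA key in a PEM certificate, and the function name and host pattern are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post).
# Usage: x509_ca_to_known_hosts CA_CERT_PEM HOST_PATTERN
# Prints one "@cert-authority" line for ~/.ssh/known_hosts or
# /etc/ssh/ssh_known_hosts. Only the CA's public key is read; the X.509
# validity dates and extensions are not carried over into SSH.
x509_ca_to_known_hosts() {
    ca_cert=$1
    pattern=$2
    if [ ! -r "$ca_cert" ]; then
        echo "cannot read certificate: $ca_cert" >&2
        return 1
    fi
    if [ -z "$pattern" ]; then
        echo "host pattern required (hypothetical example: *.home.lan)" >&2
        return 1
    fi

    tmp=$(mktemp) || return 1

    # Step 1: pull the SubjectPublicKeyInfo ("BEGIN PUBLIC KEY") out of the cert.
    if ! openssl x509 -in "$ca_cert" -noout -pubkey > "$tmp" 2>/dev/null; then
        rm -f "$tmp"
        echo "not a PEM X.509 certificate: $ca_cert" >&2
        return 1
    fi

    # Step 2: re-encode the same key in OpenSSH's one-line public key format.
    if ! ssh_pub=$(ssh-keygen -i -m PKCS8 -f "$tmp" 2>/dev/null); then
        rm -f "$tmp"
        echo "ssh-keygen could not import this key type" >&2
        return 1
    fi
    rm -f "$tmp"

    # Step 3: emit the trust anchor. Host certificates signed by the matching
    # private key are then accepted for hosts that match the pattern.
    printf '@cert-authority %s %s\n' "$pattern" "$ssh_pub"
}
```

The server side is unchanged: sshd keeps presenting the host certificate through its `HostCertificate` setting, and the client compares the certificate's signing key with the key on this line.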
