[aklug] Re: X.509 and SSH certificates

From: John Rilling <johnbrilling@gmail.com>
Date: Sun Nov 13 2016 - 15:46:51 AKST

http://security.stackexchange.com/questions/30396/how-to-set-up-openssh-to-use-x509-pki-for-authentication

On Saturday, November 12, 2016, Christopher Howard <ch.howard@zoho.com>
wrote:

> Hi list. I'm trying to set up SSH host authentication via certificates.
> My original idea was that I wanted the SSH host key to be signed by the
> private key for the X.509 CA certificate I had created previously for
> use on my local network. (I wanted the SSH authentication to integrate
> into my existing certificate tree.) However, I ran into some confusion
> because SSH uses a different certificate format, it seems. Despite
> this, I was able to use ssh-keygen to create an SSH host certificate
> which was signed by the aforementioned private key. Furthermore, I can
> tell through verbose logging, that sshd is in fact delivering the host
> certificate to the client.
>
> However, the client cannot accept the host certificate, because it
> does not have the CA certificate on file. I tried to treat the CA
> Certificate PEM file like an ssh identity file (-i option) but ssh
> client would not accept it (type -1 error).
>
> Short version: Can I convert an X.509 CA Certificate into a format
> usable by SSH client, or do I need to create a new certificate just for
> use with SSH?
>
> --
> https://qlfiles.net
> My PGP public key ID is 0x340EA95A (pgp.mit.edu).
>
> ---------
> To unsubscribe, send email to <aklug-request@aklug.org>
> with 'unsubscribe' in the message body.
>
>
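
Added example (not part of either message above): stock OpenSSH does not read X.509 certificates, but a host certificate made with ssh-keygen and the CA's private key verifies against that CA's bare public key, which can be extracted from the X.509 CA certificate and listed in known_hosts as a @cert-authority entry. The function names, the file name ca.pem and the host pattern are placeholders chosen for this sketch; it assumes openssl and ssh-keygen are installed and that the CA key is of a type OpenSSH supports (RSA, ECDSA, Ed25519).

```shell
#!/bin/sh
# Added example: derive an OpenSSH trust anchor from an X.509 CA certificate.
# OpenSSH uses only the public key; the X.509 subject, validity period and
# extensions are not carried over and are not checked by ssh.

# x509_to_ssh_pub CA_CERT_PEM
# Prints the CA public key in OpenSSH one-line format ("ssh-rsa AAAA...").
x509_to_ssh_pub() {
    spki=$(mktemp) || return 1
    # Extract the SubjectPublicKeyInfo ("BEGIN PUBLIC KEY") from the cert.
    if ! openssl x509 -in "$1" -noout -pubkey > "$spki"; then
        rm -f "$spki"
        return 1
    fi
    # ssh-keygen imports that encoding under the name PKCS8.
    if ssh-keygen -i -m PKCS8 -f "$spki"; then rc=0; else rc=1; fi
    rm -f "$spki"
    return "$rc"
}

# known_hosts_ca_line CA_CERT_PEM HOST_PATTERN
# Prints a known_hosts line that makes the client accept host certificates
# signed by this CA key for hosts matching HOST_PATTERN.
known_hosts_ca_line() {
    key=$(x509_to_ssh_pub "$1") || return 1
    printf '@cert-authority %s %s\n' "$2" "$key"
}

# Typical use (placeholder names):
#   known_hosts_ca_line ca.pem '*.example.lan' >> ~/.ssh/known_hosts
```

To confirm the right key was extracted, compare the fingerprint that ssh-keygen -l -f prints for the converted key with the "Signing CA" line that ssh-keygen -L -f prints for the host certificate.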

Received on Sun Nov 13 15:47:17 2016

This archive was generated by hypermail 2.1.8 : Sun Nov 13 2016 - 15:47:18 AKST