Date: Wed, 8 Apr 2020 10:07:37 -0400
From: David Mehler <dave.mehler@gmail.com>
To: Per Hedeland <per@hedeland.org>
Cc: freebsd-questions@freebsd.org
Subject: Re: difference in sshd protocol options
Message-ID: <CAPORhP7%2BM5Eg=er7wdoXikRQ_rmaeTQQ%2BHfGXHdmgi7XpHq-jg@mail.gmail.com>
In-Reply-To: <4b14011e-3e7e-fbb7-73cf-7dc3e1429906@hedeland.org>
References: <CAPORhP4aHUWuQww9LkMT=9m3m9CGJnHx6gdqKFBwo=ACkcCO7g@mail.gmail.com> <4b14011e-3e7e-fbb7-73cf-7dc3e1429906@hedeland.org>

Hello Per Hedeland

Thanks. If I'm understanding right the key type ssh-rsa is what is
needed when an ssh key is generated with ssh-keygen -t rsa?

Thanks.
Dave

On 4/8/20, Per Hedeland <per@hedeland.org> wrote:
> On 2020-04-08 07:59, David Mehler wrote:
>> Hello,
>>
>> I just went through an interesting go tonight getting an android file
>> manager to connect via sftp to my FreeBSD 12.1 sshd server. I've got
>> two questions. Referring to the sshd_config man page the
>> HostKeyAlgorithms option and the PubkeyAcceptedKeyTypes options is
>> there a difference between the options (both of which appear in the
>> default) ssh-rsa and ssh-rsa-cert-v01@openssh.com?
>
> Yes, see e.g.
> https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.certkeys
> - ssh-rsa uses just a "raw" key, while ssh-rsa-cert-v01@openssh.com
> uses a certificate (OpenSSH-specific design, a simpler variant than
> the common x.509 style), i.e. basically a key signed with some other
> trusted (CA) key. The certificate allows for specifying CA keys
> instead of individual host and user keys in ~/.ssh/known_hosts and
> ~/.ssh/authorized_keys, respectively.
>
> --Per Hedeland
>
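
The difference between the two key types discussed in this thread is visible in the public-key blob itself. The following is an added example, not code from the thread or from OpenSSH: it reads the type string at the start of a `.pub` or `-cert.pub` line and, for a certificate, the first fields in the order given in PROTOCOL.certkeys. The function names and sample values are assumptions made for illustration; the sample blobs are constructed and carry no valid signature.

```python
import base64
import struct

RAW, CERT = b"ssh-rsa", b"ssh-rsa-cert-v01@openssh.com"

def pack(*parts):
    """Encode each part as an SSH 'string': uint32 length, then the bytes."""
    return b"".join(struct.pack(">I", len(p)) + p for p in parts)

def read(buf, off):
    """Decode one SSH 'string' at off; return (bytes, next offset)."""
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated blob")
    return buf[off + 4:off + 4 + n], off + 4 + n

def describe(pub_line):
    """Classify one line from a .pub or -cert.pub file by its key type."""
    declared, b64 = pub_line.split()[:2]
    blob = base64.b64decode(b64)
    ktype, off = read(blob, 0)
    if ktype != declared.encode():
        raise ValueError("type inside the blob differs from the text prefix")
    if ktype == RAW:                       # raw key: type, mpint e, mpint n
        return {"type": declared, "certificate": False}
    if ktype != CERT:
        raise ValueError("key type not handled in this example")
    for _ in range(3):                     # skip nonce, e, n
        _, off = read(blob, off)
    serial, ctype = struct.unpack_from(">QI", blob, off)
    key_id, off = read(blob, off + 12)
    packed, off = read(blob, off)          # valid principals, a packed list
    names, p = [], 0
    while p < len(packed):
        name, p = read(packed, p)
        names.append(name.decode())
    return {"type": declared, "certificate": True, "serial": serial,
            "role": {1: "user", 2: "host"}.get(ctype, "unknown"),
            "key_id": key_id.decode(), "principals": names}

# Constructed sample data: fake modulus, placeholder CA key and signature.
E, N = b"\x01\x00\x01", b"\x00" + b"\xc3" * 256
SAMPLE_RAW = "ssh-rsa " + base64.b64encode(pack(RAW, E, N)).decode() + " host"
SAMPLE_CERT = "ssh-rsa-cert-v01@openssh.com " + base64.b64encode(
    pack(CERT, b"\x11" * 32, E, N) + struct.pack(">QI", 7, 2)
    + pack(b"example-host", pack(b"host.example.org"))
    + struct.pack(">QQ", 0, 2**64 - 1)
    + pack(b"", b"", b"", pack(RAW, E, N), b"placeholder-signature")).decode()

if __name__ == "__main__":
    for line in (SAMPLE_RAW, SAMPLE_CERT):
        print(describe(line))
```
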