From owner-freebsd-current@FreeBSD.ORG Wed Oct 31 19:56:42 2007 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 56DCF16A421 for ; Wed, 31 Oct 2007 19:56:42 +0000 (UTC) (envelope-from lists@c0mplx.org) Received: from home.c0mplx.org (home.c0mplx.org [IPv6:2001:14b0:200::1]) by mx1.freebsd.org (Postfix) with ESMTP id 0FE8B13C4A5 for ; Wed, 31 Oct 2007 19:56:42 +0000 (UTC) (envelope-from lists@c0mplx.org) Received: from pi by home.c0mplx.org with local (Exim 4.66 (FreeBSD)) (envelope-from ) id 1InJg9-00082f-1z; Wed, 31 Oct 2007 20:56:41 +0100 Date: Wed, 31 Oct 2007 20:56:40 +0100 From: Kurt Jaeger To: Andre Maurice Message-ID: <20071031195640.GJ12479@home.c0mplx.org> References: <9671A92C3C8B5744BC97F855F7CB646512EA3D7A@zcarhxm1.corp.nortel.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <9671A92C3C8B5744BC97F855F7CB646512EA3D7A@zcarhxm1.corp.nortel.com> Cc: freebsd-current@freebsd.org Subject: Re: OpenSSH Certkey (PKI) X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 31 Oct 2007 19:56:42 -0000 Hi! > I have been researching the use of PKI with Openssh. I came across > a web posting that states that OpenSSH should work out of the box > with additions and this is why the X.509 support was not > desirable/pursued. > Is there a way that we can configure OpenSSH to use X.509 certificate? Seems non-trivial, but doable. See http://roumenpetrov.info/openssh/ -- pi@opsec.eu +49 171 3101372 13 years to go !