Howto authenticate to an OpenSSH server using X.509 certificates

Introduction

To put it right at the start:

To authenticate to an OpenSSH server using X.509 certificates, you need to patch your OpenSSH server.

Now think again, if you want to do this ;)

Moreover, you need a client that can read and verify certificates. puttySC cannot, and neither can the OpenSSH client. To my knowledge, the commercial Tectia SSH client, for example, can.

Now think again, if you want to do this ;o)

Getting it all together

You will want to get Roumen Petrov's OpenSSH patch from http://www.roumenpetrov.info/openssh/.

Configuring it

Instead of adding your public keys to authorized_keys, you add the distinguished names of the certificates that should be allowed to log in.
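
The following added example, which is not from the original page or from the patch's author, extracts the subject DN from a certificate with openssl and prints the matching authorized_keys line. The `x509v3-sign-rsa subject=` line layout, the helper names and the sample certificate are assumptions; check the layout against the documentation shipped with the patch.

```shell
#!/bin/sh
# Added example: derive an authorized_keys entry from a certificate's subject DN.
# Assumption: the patched sshd accepts "<key-type> subject= <DN>" lines; the
# exact keywords belong to the patch, so verify them in its documentation.

# Print the subject DN of a PEM certificate in slash-separated one-line form.
cert_subject_dn() {
    openssl x509 -in "$1" -noout -subject -nameopt compat |
        sed -e 's/^subject= *//'
}

# Build the authorized_keys line for one certificate (key type is assumed).
# Fails instead of emitting an entry with an empty DN.
authorized_keys_entry() {
    dn=$(cert_subject_dn "$1") || return 1
    [ -n "$dn" ] || return 1
    printf 'x509v3-sign-rsa subject= %s\n' "$dn"
}

# Constructed sample: a throwaway self-signed certificate for a fictitious user.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj '/C=XX/O=Example Org/CN=alice' \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

# Generate the sample certificate, print its entry, then clean up.
demo() {
    tmp=$(mktemp -d) || return 1
    make_sample_cert "$tmp" && authorized_keys_entry "$tmp/cert.pem"
    rc=$?
    rm -rf "$tmp"
    return $rc
}

demo
```

Because the entry names a DN rather than a specific key, any certificate carrying that subject and chaining to a CA the server trusts would match it, so keep the server's set of trusted CAs narrow.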

None: HowTos/eToken_and_openssh_server (last edited 2008-09-12 12:59:36 by localhost)