OpenSSH secure shell and X.509 v3 certificates
(archive: d-series and earlier)

Check the current version!

30 Jul 2002
What's new:
  • released version d.
    • ssh-agent and ssh-add now support X.509 certificates;
    • check for allowed client certificate purpose;
    • fixes related to autoconf.
This file contains tips for client and server configuration with X.509 certificate support.
Downloads (diff against version):
NOTE: No more diffs for OpenSSH versions before 3.4x (see OpenSSH advisory)!

28 Jun 2002
What's new:
  • added diffs for version 3.4x.
Downloads (diff against version):
NOTE (from OpenSSH home page):
At least one major security vulnerability exists in many deployed OpenSSH versions (2.3.1 to 3.3). Please see the ISS advisory or OpenSSH advisory on this topic where simple patches are provided for the pre-authentication problem. Systems running with UsePrivilegeSeparation yes are not vulnerable due to the jailed nature. As well, most systems configured with both ChallengeResponseAuthentication no and PAMAuthenticationViaKbdInt no are not affected. However some OpenSSH versions modified from the original may still be affected even with the latter two options, so we urge an upgrade or patch.
The 3.4 release contains many other fixes done over a week-long audit started when this issue came to light. We believe that some of those fixes are likely to be important security fixes. Therefore, we urge an upgrade to 3.4.

27 Jun 2002
What's new:
  • removed backup files "key.c.XXXX" from 3.3 diff;
Downloads (diff against version):
  • 3.3 - Update!

25 Jun 2002
NOTE (about version 3.3p1):
If you see a message like this in the log file:
fatal: mmap(<NUMBER>): Invalid argument
please edit ".../tests/CA/openssh_tests.sh" and, in method creTestSSHDcfgFile (line 149), add the option:
 Compression no
If this does not solve the connection problem, add this option in the same method:
 UsePrivilegeSeparation no

24 Jun 2002
What's new:
  • removed backup file "authfile.c.ORIG" from 3.2.3p1 diff;
  • added diffs for version 3.3x.
Downloads (diff against version):
NOTE: Do not forget to add user sshd for version 3.3x - otherwise the script ".../tests/CA/openssh_tests.sh" fails!

20 Jun 2002
What's new:
  • released version c.
    • tests/CA/README - new file;
    • tests/CA/* scripts - rewritten;
    • 'ssh-keygen' can change passphrase of a private key with certificate;
  • added OpenBSD diff.
Downloads (diff against version):

11 Jun 2002
What's new:
  • released second version.
    • added authorization by 'Distinguished Name';
    • added x509 CA store (new options in sshd_config);
    • client certificate is verified against CA certificates in x509 store;
    • added shell scripts to create test CA and test client certificates.
  • first version is retired.
Downloads (diff against OpenSSH portable version):

4 Apr 2002
What's new:
  • released first version.

Last modified: Monday August 06, 2007