[ssh_x509] Trying to understand X509 v OpenSSH certificates

ssh_x509 at roumenpetrov.info ssh_x509 at roumenpetrov.info
Fri Sep 28 17:11:51 EEST 2012


Hi,

Thanks for your previous reply.  After reading it I realised that I may be
very confused about X509 certificates (sorry!).  So now I have another
question, which is about user authentication.

With OpenSSH (not X509) certificates I can:
 - Generate a signed certificate that associates the user's key pair with 
   a given identity (username).
 - Configure the sshd on the host with the CA certificate.

After this, the user can connect to the host as the given identity.  There is
no need to modify authorized_keys on the host.

Can I do this with X509 certificates?  The example I have found at
http://forums.gentoo.org/viewtopic-t-441064.html still requires that I modify
the authorized_keys file on the host (if I understand correctly).

Is it possible to use X509 in the same way as OpenSSH certificates, so that I
do not need to modify authorized_keys?  (by using CN to specify the identity).

Thanks and sorry for the confusion / questions,
Andrew




More information about the ssh_x509 mailing list