[ssh_x509] Authenticating the host

ssh_x509 at roumenpetrov.info ssh_x509 at roumenpetrov.info
Thu Sep 27 23:23:20 EEST 2012

ssh_x509 at roumenpetrov.info wrote:
> Hi,
> I am trying to understand the use of certificates with OpenSSH.  I have
> successfully authenticated both user and host using SSH certificates and am
> now trying to repeat this with X509 certifciates.
> I am using openssh-6.1p1 and openssh-6.1p1+x509-7.2.1.diff on CentOS 6.3.
> These are installed in /usr/local and I use explicit paths to the binaries.
>   The authenticity of host [SNIP]
>   Are you sure you want to continue connecting (yes/no)?
Above message is related to content of "SSH_KNOWN_HOSTS FILE FORMAT" 
described in sshd(8) and the fact that server public key is changed.
You could use command ssh-keyscan to list server keys and to add to user 
known host file if you authorize authenticity of host .
Also you could comment old key in that file and try again.
Only difference if X.509 certificates is used is that record in file 
could contain distinguished name.

> Andrew


Get X.509 certificates support in OpenSSH:

More information about the ssh_x509 mailing list