[ssh_x509] Authenticating the host

ssh_x509 at roumenpetrov.info ssh_x509 at roumenpetrov.info
Thu Sep 27 23:23:20 EEST 2012


ssh_x509 at roumenpetrov.info wrote:
> Hi,
>
> I am trying to understand the use of certificates with OpenSSH.  I have
> successfully authenticated both user and host using SSH certificates and am
> now trying to repeat this with X509 certificates.
>
> I am using openssh-6.1p1 and openssh-6.1p1+x509-7.2.1.diff on CentOS 6.3.
> These are installed in /usr/local and I use explicit paths to the binaries.
[SNIP]
>   The authenticity of host [SNIP]
>   Are you sure you want to continue connecting (yes/no)?
>
The above message is related to the content of "SSH_KNOWN_HOSTS FILE FORMAT"
described in sshd(8) and the fact that the server public key has changed.
You could use the ssh-keyscan command to list the server keys and add them to
the user known hosts file if you authorize the authenticity of the host.
Also you could comment out the old key in that file and try again.
The only difference if X.509 certificates are used is that the record in the
file could contain a distinguished name.


[SNIP]
> Andrew

Roumen


-- 
Get X.509 certificates support in OpenSSH:
http://roumenpetrov.info/openssh/
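
The steps described in the reply above (list the server's keys with ssh-keyscan, comment out the old key, add the new one once its authenticity is confirmed), as an added shell example that is not part of the original message or of the X.509 patch. The function names and the `# replaced:` prefix are assumptions; it handles only plain (unhashed, exact-name) key lines in the sshd(8) format and does not cover records that carry a distinguished name.

```shell
#!/bin/sh
# Added example: swap a changed host key in a known_hosts file, but only
# after its fingerprint has been checked against a trusted source.

# Fetch the keys the server currently offers and print their fingerprints.
# Needs network access and the OpenSSH client tools.
# usage: scan_fingerprints HOST SCANFILE
scan_fingerprints() {
    ssh-keyscan "$1" > "$2" 2>/dev/null && ssh-keygen -l -f "$2"
}

# Comment out every plain key line whose host field lists HOST exactly.
# Comments, blank lines and marker lines (@cert-authority, @revoked) are
# left untouched; hashed (|1|...) and wildcard entries are not matched.
# usage: comment_old_keys HOST KNOWN_HOSTS
comment_old_keys() {
    awk -v h="$1" '
        /^#/ || /^@/ || NF == 0 { print; next }
        {
            n = split($1, names, ",")
            hit = 0
            for (i = 1; i <= n; i++) if (names[i] == h) hit = 1
            if (hit) print "# replaced: " $0; else print
        }' "$2" > "$2.new" && mv "$2.new" "$2"
}

# Append the scanned key lines for HOST to the known_hosts file.
# Call this only after the fingerprint printed by scan_fingerprints has
# been compared with one obtained from the server administrator.
# usage: add_verified_keys HOST SCANFILE KNOWN_HOSTS
add_verified_keys() {
    awk -v h="$1" '$1 == h && NF >= 3' "$2" >> "$3"
}

# Typical sequence (host name and paths are placeholders):
#   scan_fingerprints server.example /tmp/scan
#   ... compare the printed fingerprint out of band ...
#   comment_old_keys  server.example "$HOME/.ssh/known_hosts"
#   add_verified_keys server.example /tmp/scan "$HOME/.ssh/known_hosts"
```

Keeping the old line as a comment, rather than deleting it, leaves a record of which key was replaced.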





