[ssh_x509] Trying to understand X509 v OpenSSH certificates

ssh_x509 at roumenpetrov.info ssh_x509 at roumenpetrov.info
Sat Sep 29 01:43:06 EEST 2012


On Sat, Sep 29, 2012 at 12:17:56AM +0300, ssh_x509 at roumenpetrov.info wrote:
> ssh_x509 at roumenpetrov.info wrote:
> >Can I do this with X509 certificates?  The example I have found at
> >http://forums.gentoo.org/viewtopic-t-441064.html still requires that I modify
> >the authorized_keys file on the host (if I understand correctly).
> 
> Use of X.509 distinguished name is recomended but not required.
> 
> 
> >Is it possible to use X509 in the same way as OpenSSH certificates, so that I
> >do not need to modify authorized_keys?  (by using CN to specify the identity).
> 
> OpenSSH custom certificate is lame implementation of PKI.

OK, but is that "yes" or "no"?  If I use the username as common name, should
it work without authorized_keys?  Because I have tried and I cannot get it to
work.  So I do not do if I am doing something wrong, or if this is normal
behaviour.

Thanks,
Andrew




More information about the ssh_x509 mailing list