[ssh_x509] how many SSH client libraries support x.509?

ssh_x509 at roumenpetrov.info
Sat Oct 6 11:42:02 EEST 2012


Hi Kent,
> Hi Roumen,
>
> I got it to work using these instructions:
> http://www.gossamer-threads.com/lists/openssh/dev/42176
>
> In thinking about
> https://tools.ietf.org/html/draft-kwatsen-reverse-ssh-01, I'm
> wondering about how many SSH client libraries support x.509?
Maybe only cryptlib (http://www.cs.auckland.ac.nz/~pgut001/cryptlib/), as a
library, supports X.509 in SSH sessions.

>     A quick google search produced this result
> (https://www.javassh.com/products/j2ssh-maverick), which claims to
> support X509, though I don't know yet if it's interoperable with
> openssh+x509...
Maybe there exist commercial SSH implementations without X.509 support....
All SSH with X.509 must be compatible ...
Well, you could look into X509KeyAlgorithm in ssh_config(5):
....
- x509v3-sign-rsa,rsa-sha1
- x509v3-sign-rsa,rsa-md5
....
- x509v3-sign-dss,dss-asn1
- x509v3-sign-dss,dss-raw
....

So if the above-mentioned application supports those key formats you should
use. All of the above are "historic" formats.
Also, there finally exists an RFC that defines "new" formats.

Let me know if j2ssh-maverick is interoperable.


> Ideally there is a client available in a few popular programming
> languages - do you have any pointers?

No.
Usually GUI clients spawn ssh as a separate process, and the user will
probably think that the client supports ssh, but actually it is just a command wrapper.


> Congrats on the neat project.
>
> Thanks,
> Kent


Roumen




