[ssh_x509] How to Authenticate to Non-X.509 SSH Servers

ssh_x509 at roumenpetrov.info
Sun Jul 12 12:03:38 EEST 2015


ssh_x509 at roumenpetrov.info wrote:
> All,
>
>     I just started using PKIX-SSH and have been able to configure it 
> locally to talk to a remote SSH server running PKIX-SSH via a 
> smartcard accessed through a PKCS#11 module.
>
> However, when I try to use my agent to talk to an SSH server that does 
> not support PKIX-SSH I am unable to authenticate with the 
> public-key-only.  I get the following error:
>     sshd[15416]: userauth_pubkey: unsupported public key algorithm: x509v3-sign-rsa [preauth]
>
> What is the intended way for users to authenticate to Non-PKIX-SSH 
> servers as well as PKIX-SSH servers using the same agent (while using 
> PKCS#11) ?

Option PubkeyAlgorithms allows fallback to "plain" keys. For 
x509v3-sign-rsa, "plain" is ssh-rsa.
If you start the client with -o PubkeyAlgorithms=ssh-rsa you should be able 
to connect to the server using the ssh-rsa public key algorithm.

>
> Thanks,
>     Roy Keene
>
Roumen
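
An added example, not part of the original message or of the PKIX-SSH documentation: the same -o PubkeyAlgorithms=ssh-rsa fallback written as per-host client configuration, so one agent serves both kinds of server. The host names are placeholders, and it is assumed that the client reads PubkeyAlgorithms from its configuration file in the same form the -o switch accepts.

```sshconfig
# ~/.ssh/config for the PKIX-SSH client (host names are placeholders).
# For each option the first value obtained wins, so host-specific
# stanzas go before any catch-all "Host *" stanza.

# Server without X.509 support: offer the agent's key as a plain
# ssh-rsa key instead of x509v3-sign-rsa.
Host legacy.example.org
    PubkeyAlgorithms ssh-rsa

# PKIX-SSH server: PubkeyAlgorithms is deliberately left unset here,
# so the X.509 algorithm (x509v3-sign-rsa in this thread) stays in use.
Host pkix.example.org
    User roy
```

Scoping the override to the hosts that need it keeps X.509 authentication in effect everywhere else; putting it under "Host *" would apply the plain-key fallback to the PKIX-SSH servers as well.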




