[ssh_x509] How to Authenticate to Non-X.509 SSH Servers

ssh_x509 at roumenpetrov.info
Mon Jul 13 19:33:18 EEST 2015

All / Roumen,

	If I understand this correctly, this is something I have to manually 
specify for every server (obviously, optionally in the .ssh/config file)?

That is a huge breakage to me (since it's the first thing I noticed).

Once I'm on a host that doesn't talk PKIXSSH, it doesn't appear it can 
access my RSA public key in my (forwarded) agent.  Is this expected?

	Roy Keene

On 07/12/2015 04:03 AM, ssh_x509 at roumenpetrov.info wrote:
> ssh_x509 at roumenpetrov.info wrote:
>> All,
>>     I just started using PKIX-SSH and have been able to configure it
>> locally to talk to a remote SSH server running PKIX-SSH via a
>> smartcard accessed through a PKCS#11 module.
>> However, when I try to use my agent to talk to an SSH server that does
>> not support PKIX-SSH I am unable to authenticate with the
>> public-key-only.  I get the following error:
>>     sshd[15416]: userauth_pubkey: unsupported public key algorithm: x509v3-sign-rsa [preauth]
>> What is the intended way for users to authenticate to Non-PKIX-SSH
>> servers as well as PKIX-SSH servers using the same agent (while using
>> PKCS#11)?
> Option PubkeyAlgorithms allows fallback to "plain" keys. For
> x509v3-sign-rsa "plain" is ssh-rsa.
> If you start the client with -o PubkeyAlgorithms=ssh-rsa you should be able
> to connect to the server using the ssh-rsa public key algorithm.
>> Thanks,
>>     Roy Keene
> Roumen
