[ssh_x509] About building binary rpm on centos 7

ssh_x509 at roumenpetrov.info ssh_x509 at roumenpetrov.info
Fri Jan 20 22:18:45 EET 2017


ssh_x509 at roumenpetrov.info wrote:
> Hi,
>
> I have some progress but ran into a problem. I have ssh_config file from
> way back and can't figure out what I should replace these options with:
>
> /etc/ssh/ssh_config: line 38: Bad configuration option: x509rsasigtype
This option was deprecated long time ago - in 2006 version 5.3. It was 
replaced by *X509KeyAlgorithm*.

> /etc/ssh/ssh_config: line 45: Bad configuration option:
> usercacertificatefile
Option is valid.
Starting with version 9.0 there is no configure 
option(/--disable-x509store)/ that could disable x.509 certificate store.

Please check if you build scrip define preprocessor flag 
-DSSH_X509STORE_DISABLED. If so please remove it.

Currently only configure option is removed but corresponding define 
still exist is code. At some point of time code and regression test will 
be cleaned as well.


> /etc/ssh/ssh_config: line 47: Bad configuration option: usercarevocationfile
Same here . Both options are valid one in client(ssh) configuration.


> I have read the readme.x509v3 file several times and have seen these
> options in regards with sshd_config only.
Option that start with "user" is client only option. Meaning is same as 
corresponding option without prefix "user".


> $ ssh -V
> PKIX-SSH 9.3, OpenSSH_7.4p1, OpenSSL 1.0.1e-fips 11 Feb 2013
>
> Is there a way to test if the compiled ssh indeed has x.509 support?
You could execute regression tests only for x.509 certificates with 
command "make check-certs"

> Regards,
> Indrek

Roumen


-- 
Secure shell with X.509 certificate support
http://roumenpetrov.info/secsh/





More information about the ssh_x509 mailing list