[ssh_x509] Missing Something Fundamental

ssh_x509 at roumenpetrov.info ssh_x509 at roumenpetrov.info
Fri Apr 14 17:34:29 EEST 2017


Roumen,

I was able to successfully compile PKIX SSH under OS X El Capitan. I had to
compile it using OpenSSL libraries instead of the native SSL libraries on
the Mac. I only tested the PKIX SSH client. The PKIX SSH client works on
the Mac for me.

One more question:

In the client debug output of "debug1: Offering RSA+cert public key.." is
the PKIX SSH client sending the public certificate on the smart card to the
server?

In the server debug output of "debug1: userauth_pubkey: test whether
pkalg/pkblob are acceptable for RSA+cert SHA256...", is the PKIX SSH server
receiving the public certificate from the client remotely?

Just want to confirm this is what is happening.

Jose

On Wed, Apr 12, 2017 at 3:44 PM, <ssh_x509 at roumenpetrov.info> wrote:

> Hi Jose,
>
> ssh_x509 at roumenpetrov.info wrote:
>
>> Roumen,
>>
>> I was able to restrict incoming SSH client connections to using
>> the AcceptedAlgorithms directive.
>>
>> Since I got this all working with a Linux client, do you know if anyone
>> has
>> compiled your source code for Mac OS X? This would be strictly for the
>> PKIX
>> SSH client.
>>
> I have no feedback from Mac OS X users.
>
>> Also, do you know any Windows SSH clients that will work with PKIX SSH
>> server? Could be commercial or open-source.
>>
> I could count Tectia, SecureCRT, SecureNetTerm, Fortress SSH, SmartFTP
> (crash for me).
> No open source except if some one prepare PKIX-SSH as cygwin package.
>
> Thanks!
>>
>> Jose
>>
>> [SNIP]
>>
> Roumen
>
>
> --
> Secure shell with X.509 certificate support
> http://roumenpetrov.info/secsh/
>
>
> _______________________________________________
> ssh_x509 mailing list
> ssh_x509 at roumenpetrov.info
> http://roumenpetrov.info/mailman/listinfo/ssh_x509_roumenpetrov.info
>


More information about the ssh_x509 mailing list