[ssh_x509] Missing Something Fundamental

ssh_x509 at roumenpetrov.info ssh_x509 at roumenpetrov.info
Fri Apr 14 17:34:29 EEST 2017


I was able to successfully compile PKIX SSH under OS X El Capitan. I had to
compile it using OpenSSL libraries instead of the native SSL libraries on
the Mac. I only tested the PKIX SSH client. The PKIX SSH client works on
the Mac for me.

One more question:

In the client debug output of "debug1: Offering RSA+cert public key.." is
the PKIX SSH client sending the public certificate on the smart card to the

In the server debug output of "debug1: userauth_pubkey: test whether
pkalg/pkblob are acceptable for RSA+cert SHA256...", is the PKIX SSH server
receiving the public certificate from the client remotely?

Just want to confirm this is what is happening.


On Wed, Apr 12, 2017 at 3:44 PM, <ssh_x509 at roumenpetrov.info> wrote:

> Hi Jose,
> ssh_x509 at roumenpetrov.info wrote:
>> Roumen,
>> I was able to restrict incoming SSH client connections to using
>> the AcceptedAlgorithms directive.
>> Since I got this all working with a Linux client, do you know if anyone
>> has
>> compiled your source code for Mac OS X? This would be strictly for the
>> SSH client.
> I have no feedback from Mac OS X users.
>> Also, do you know any Windows SSH clients that will work with PKIX SSH
>> server? Could be commercial or open-source.
> I could count Tectia, SecureCRT, SecureNetTerm, Fortress SSH, SmartFTP
> (crash for me).
> No open source except if some one prepare PKIX-SSH as cygwin package.
> Thanks!
>> Jose
>> [SNIP]
> Roumen
> --
> Secure shell with X.509 certificate support
> http://roumenpetrov.info/secsh/
> _______________________________________________
> ssh_x509 mailing list
> ssh_x509 at roumenpetrov.info
> http://roumenpetrov.info/mailman/listinfo/ssh_x509_roumenpetrov.info

More information about the ssh_x509 mailing list