[ssh_x509] Disable Pubkey and Enable x509 Only

ssh_x509 at roumenpetrov.info ssh_x509 at roumenpetrov.info
Wed Nov 7 20:58:12 EET 2018

Hi Roumen,

I downloaded and started configuring SSH with your patch. First of all, fantastic work. This is a very well-put-together patch.

While configuring, I've come across a question:
Is there a way (through sshd configuration) to disable Pubkey Auth, but retain X509 auth on the ssh server?

Based on what I've seen, it looks like the pubkey configuration in sshd_config enables or disables both pubkey and X509 auth. I understand that authorized_keys file can determine x509v3-* vs standard pubkey types, but I want to limit to only X509 certificates and no plain pubkeys through configuration. Is this possible?

I'm am using pkix-ssh 11.4 with OpenSSH 7.8p1.

Jon B

More information about the ssh_x509 mailing list