[ssh_x509] Is It possible to have the Cert file in PEM format separately

ssh_x509 at roumenpetrov.info ssh_x509 at roumenpetrov.info
Thu May 9 13:07:55 EEST 2019


Hi,
  I could now able to use PKIXSSH using the certificate installed in server
and client side for doing SSH. But currently it is working only if I give
have both the private key and certificate in one single IdentityFile
concatenating these components. But I wanted to try having the certificate
and private key file separately, for the reason I wanted to hide the
private key exposed in the disk, rather want to load the private key from
my hardware chip using engine option.
I have tried using the option "CertificateFile
/usr/local/etc/ssh_hostkey-cert" in my ssh_config file.  As I could see in
the source code in the function "*load_public_identity_files()*" the code
didn't interpret the type of the file in the "CertificateFile", so it free
the file.
Please help.

Regards,
Srini.


More information about the ssh_x509 mailing list