[ssh_x509] X.509v3 SSH Server and Client configuration README page

ssh_x509 at roumenpetrov.info
Mon Aug 26 20:54:03 EEST 2019


Hi Mohit

ssh_x509 at roumenpetrov.info wrote:
> Hi Roumen,
>
> I want to use x509v3-rsa2048-sha256 algorithm for X.509v3 certificate based
> SSH authentication.
> From the README guide
> (https://roumenpetrov.info/openssh/x509-5.3/README.x509v3), I couldn't
> figure out whether I should provide 'x509v3-rsa2048-sha256' algorithm in
> X509KeyAlgorithm in sshd_config or not.
> ...
The recent version is 12.1, and this is the version with
x509v3-rsa2048-sha256.
The README is https://roumenpetrov.info/openssh/x509-12.1/README.x509v3

No extra configuration is needed to activate the algorithm, as (quote):
...

   The default for certificates with RSA key is:
     X509KeyAlgorithm x509v3-sign-rsa,rsa-sha1
     X509KeyAlgorithm x509v3-sign-rsa,rsa-md5
     X509KeyAlgorithm x509v3-ssh-rsa,rsa-sha1,ssh-rsa
     X509KeyAlgorithm x509v3-rsa2048-sha256,rsa2048-sha256,rsa2048-sha256

...


> Kindly provide me with configuration steps/README
> guide/X509KeyAlgorithm value in sshd_config to configure and use
> x509v3-rsa2048-sha256 algorithm for certificate based SSH
> authentication.

Hmm. This is a tricky question ;) as the configuration depends on the client
software, etc.

Maybe an order like this:

X509KeyAlgorithm x509v3-rsa2048-sha256,rsa2048-sha256,rsa2048-sha256
X509KeyAlgorithm x509v3-ssh-rsa,rsa-sha1,ssh-rsa
X509KeyAlgorithm x509v3-sign-rsa,rsa-sha1
X509KeyAlgorithm x509v3-sign-rsa,rsa-md5
plus algorithms for EC and DSA keys.


  

>   Thanks & Regards
>
> Mohit Gupta
[snip]

Regards,
Roumen Petrov
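
An added example, not part of the original message and not code from the PKIX-SSH project: a small audit script that reads sshd_config text and reports whether x509v3-rsa2048-sha256 is the first RSA entry and which X509KeyAlgorithm lines still name an MD5 or SHA-1 digest. The function names and the sample file are constructed; treating the second comma-separated field as the digest, and any name containing "rsa" as an RSA entry, are assumptions based on the values quoted above.

```python
import re

# Constructed sample sshd_config using the order suggested in the reply above.
SAMPLE_CONFIG = """\
# constructed sample, not a real server configuration
Port 22
X509KeyAlgorithm x509v3-rsa2048-sha256,rsa2048-sha256,rsa2048-sha256
X509KeyAlgorithm x509v3-ssh-rsa,rsa-sha1,ssh-rsa
X509KeyAlgorithm x509v3-sign-rsa,rsa-sha1
x509keyalgorithm x509v3-sign-rsa,rsa-md5
"""

LEGACY_DIGESTS = ("md5", "sha1")  # digest suffixes worth reporting in an audit


def parse_x509_key_algorithms(config_text):
    """Return X509KeyAlgorithm entries in file order (keyword is case-insensitive)."""
    entries = []
    for lineno, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        m = re.match(r"(?i)x509keyalgorithm[\s=]+(\S+)$", line)
        if not m:
            continue
        fields = m.group(1).split(",")
        # Assumption: the second comma-separated field names the digest.
        digest = fields[1] if len(fields) > 1 else ""
        entries.append({"line": lineno, "name": fields[0], "digest": digest})
    return entries


def audit_rsa_order(config_text, wanted="x509v3-rsa2048-sha256"):
    """Check where `wanted` sits among the RSA entries and list legacy-digest lines."""
    entries = parse_x509_key_algorithms(config_text)
    # Assumption: RSA entries are the ones whose algorithm name contains "rsa".
    rsa_names = [e["name"] for e in entries if "rsa" in e["name"]]
    return {
        # No explicit lines means the built-in defaults quoted above apply.
        "uses_defaults": not entries,
        "listed_first": bool(rsa_names) and rsa_names[0] == wanted,
        "legacy_lines": [e["line"] for e in entries
                         if e["digest"].endswith(LEGACY_DIGESTS)],
    }


if __name__ == "__main__":
    print(audit_rsa_order(SAMPLE_CONFIG))
```
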



