[ssh_x509] X.509v3 SSH Server and Client configuration README page

ssh_x509 at roumenpetrov.info
Tue Aug 27 07:05:55 EEST 2019


Hi Roumen,
Thanks for the prompt reply. So that means the version which I have picked,
i.e. PKISSH 10.2, doesn't have x509v3-rsa2048-sha256 support?

Thanks & Regards
Mohit Gupta

On Mon, Aug 26, 2019 at 11:24 PM <ssh_x509 at roumenpetrov.info> wrote:

> Hi Mohit
>
> ssh_x509 at roumenpetrov.info wrote:
> > Hi Roumen,
> >
> > I want to use x509v3-rsa2048-sha256 algorithm for X.509v3 certificate based
> > SSH authentication.
> > From the README guide (
> > https://roumenpetrov.info/openssh/x509-5.3/README.x509v3 ), I couldn't
> > figure out whether I should provide 'x509v3-rsa2048-sha256' algorithm in
> > X509KeyAlgorithm in sshd_config or not.
> > ...
> Recent version is 12.1. And this is the version with
> x509v3-rsa2048-sha256.
> Readme is https://roumenpetrov.info/openssh/x509-12.1/README.x509v3
>
> No extra configuration is needed to activate algorithm as (quote):
> ...
>
>    The default for certificates with RSA key is:
>      X509KeyAlgorithm x509v3-sign-rsa,rsa-sha1
>      X509KeyAlgorithm x509v3-sign-rsa,rsa-md5
>      X509KeyAlgorithm x509v3-ssh-rsa,rsa-sha1,ssh-rsa
>      X509KeyAlgorithm x509v3-rsa2048-sha256,rsa2048-sha256,rsa2048-sha256
>
> ...
>
>
> > Kindly provide me with configuration steps/README
> > guide/X509KeyAlgorithm value in sshd_config to configure and use
> > x509v3-rsa2048-sha256 algorithm  for certificate based SSH
> > authentication.
>
> Hmm, this is a tricky question ;) as the configuration depends on the client
> software etc.
>
> Maybe an order like this:
>
> X509KeyAlgorithm x509v3-rsa2048-sha256,rsa2048-sha256,rsa2048-sha256
> X509KeyAlgorithm x509v3-ssh-rsa,rsa-sha1,ssh-rsa
> X509KeyAlgorithm x509v3-sign-rsa,rsa-sha1
> X509KeyAlgorithm x509v3-sign-rsa,rsa-md5
> plus algorithms for EC and DSA keys.
>
> >   Thanks & Regards
> >
> > Mohit Gupta
> [snip]
>
> Regards,
> Roumen Petrov
>
>
>
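
An added example, not part of the thread and not code from the PKIX-SSH project: a small checker that reads the X509KeyAlgorithm lines from an sshd_config, reports their order, and flags entries whose digest is MD5 or SHA-1. It assumes the value format seen in the quoted README lines (algorithm name, digest, optional third field) and, following the ordering suggested in the reply, that earlier lines are preferred; the function names and the sample file are constructed for illustration.

```python
import re

# Constructed sample sshd_config fragment (not from a real host); the four
# X509KeyAlgorithm values are the RSA defaults quoted in the thread.
SAMPLE_CONFIG = """\
# X.509 options
X509KeyAlgorithm x509v3-sign-rsa,rsa-sha1
x509keyalgorithm x509v3-sign-rsa,rsa-md5
X509KeyAlgorithm x509v3-ssh-rsa,rsa-sha1,ssh-rsa
X509KeyAlgorithm x509v3-rsa2048-sha256,rsa2048-sha256,rsa2048-sha256
"""

# Digest field ends in md5 or sha1 (e.g. rsa-md5, rsa-sha1).
WEAK_DIGEST = re.compile(r"(md5|sha1)$", re.IGNORECASE)


def parse_x509_key_algorithms(text):
    """Return [(lineno, name, digest, third_field_or_None)] in file order."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blanks
        if not line:
            continue
        parts = line.split(None, 1)
        # sshd_config keywords are matched case-insensitively.
        if len(parts) != 2 or parts[0].lower() != "x509keyalgorithm":
            continue
        fields = [f.strip() for f in parts[1].split(",")]
        # Assumption: two or three non-empty comma-separated fields.
        if len(fields) not in (2, 3) or not all(fields):
            raise ValueError(f"line {lineno}: malformed value {parts[1]!r}")
        third = fields[2] if len(fields) == 3 else None
        entries.append((lineno, fields[0], fields[1], third))
    return entries


def audit(text, preferred="x509v3-rsa2048-sha256"):
    """Report listing order, whether `preferred` is first, and weak digests."""
    entries = parse_x509_key_algorithms(text)
    names = [e[1] for e in entries]
    return {
        "order": names,
        "preferred_first": bool(names) and names[0] == preferred,
        "weak": [(ln, name, digest) for ln, name, digest, _ in entries
                 if WEAK_DIGEST.search(digest)],
    }
```

Calling `audit(open("/etc/ssh/sshd_config").read())` on a server gives the same report for the live file; the path is the usual default and may differ per installation.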

