[ssh_x509] X.509v3 SSH Server and Client configuration README page

ssh_x509 at roumenpetrov.info ssh_x509 at roumenpetrov.info
Thu Aug 29 14:39:47 EEST 2019


Hi Roumen,
Thanks for the prompt reply. So that means, the version which I have picked
i.e. PKISSH 10.2 doesn't have x509v3-rsa2048-sha256 support ?

Thanks & Regards
Mohit Gupta

On Tue, Aug 27, 2019 at 9:36 AM <ssh_x509 at roumenpetrov.info> wrote:

> Hi Roumen,
> Thanks for the prompt reply. So that means, the version which I have picked
> i.e. PKISSH 10.2 doesn't have x509v3-rsa2048-sha256 support ?
>
> Thanks & Regards
> Mohit Gupta
>
> On Mon, Aug 26, 2019 at 11:24 PM <ssh_x509 at roumenpetrov.info> wrote:
>
> > Hi Mohit
> >
> > ssh_x509 at roumenpetrov.info wrote:
> > > Hi Roumen,
> > >
> > > I want to use x509v3-rsa2048-sha256 algorithm for X.509v3 certificate
> > based
> > > SSH authentication.
> > >  From the README guide(
> > > https://roumenpetrov.info/openssh/x509-5.3/README.x509v3  ) , I
> couldn't
> > > figure out whether I should provide 'x509v3-rsa2048-sha256' algorithm
> in
> > > X509KeyAlgorithm in sshd_config or not.
> > > ...
> > Recent version is 12.1. And this is the version with
> > /x509v3-rsa2048-sha256./
> > Readme is https://roumenpetrov.info/openssh/x509-12.1/README.x509v3
> >
> > No extra configuration is needed to activate algorithm as (quote):
> > ...
> >
> >    The default for certificates with RSA key is:
> >      X509KeyAlgorithm x509v3-sign-rsa,rsa-sha1
> >      X509KeyAlgorithm x509v3-sign-rsa,rsa-md5
> >      X509KeyAlgorithm x509v3-ssh-rsa,rsa-sha1,ssh-rsa
> >      X509KeyAlgorithm x509v3-rsa2048-sha256,rsa2048-sha256,rsa2048-sha256
> >
> > ...
> >
> >
> > > Kindly provide me with configuration steps/README
> > > guide/X509KeyAlgorithm value in sshd_config to configure and use
> > > x509v3-rsa2048-sha256 algorithm  for certificate based SSH
> > > authentication.
> >
> > Hmm This is tricky question ;) as configuration depend from client
> > software and etc.
> >
> > May be order like this
> >
> > X509KeyAlgorithm x509v3-rsa2048-sha256,rsa2048-sha256,rsa2048-sha256
> > X509KeyAlgorithm x509v3-ssh-rsa,rsa-sha1,ssh-rsa
> > X509KeyAlgorithm x509v3-sign-rsa,rsa-sha1
> > X509KeyAlgorithm x509v3-sign-rsa,rsa-md5
> > plus  algorithms for EC and DSA keys.
> >
> >
> >
> >
> > >   Thanks & Regards
> > >
> > > Mohit Gupta
> > [snip]
> >
> > Regards,
> > Roumen Petrov
> >
> >
> > _______________________________________________
> > ssh_x509 mailing list
> > ssh_x509 at roumenpetrov.info
> > http://roumenpetrov.info/mailman/listinfo/ssh_x509_roumenpetrov.info
> >
> _______________________________________________
> ssh_x509 mailing list
> ssh_x509 at roumenpetrov.info
> http://roumenpetrov.info/mailman/listinfo/ssh_x509_roumenpetrov.info
>


More information about the ssh_x509 mailing list