[ssh_x509] Self-signed certificates not allowed in version 12.6 "Host key verification failed"

ssh_x509 at roumenpetrov.info ssh_x509 at roumenpetrov.info
Mon Apr 12 08:14:59 EEST 2021

C1-Non sensitive

Hello everybody,

I am testing the version 12.6 of pkixssh and, as part of our tests, we test de authentication with X509 certificates.  

The certificates used for the CA, host and user are self-signed certificates, created for testing purposes.  In the previous version tested by me, the pkixssh 12.3 (corresponding to OpenSSH 8.1) it worked but with the current one 12.6 (corresponding to OpenSSH 8.4) when the host certificate is received in the client side we get the following error:

    ssh_verify_cert: verify error, code=18, msg='self signed certificate'
    Host key verification failed.

Is there a way to avoid this error? The error is detected in the client side when trying to establish a connection

Thanks in advance!

José Manuel Ciges Regueiro
Unix Systems Administrator & LAMP developer

More information about the ssh_x509 mailing list