[ssh_x509] variation of "publickey" authentication

ssh_x509 at roumenpetrov.info ssh_x509 at roumenpetrov.info
Sun Feb 13 13:55:13 EET 2022


There is one unofficial variation of "publickey" authentication called "hostbound".
It will be part of next OpenBSD secure shell release.

Technically it appends server host-key to authentication request with new name.
Dunno what is rationale of this variation.
In addition it is discovered by extension request instead by classical "none" authentication request.

Sensitive agent code is heavy changed additionally. It is not reasonable to perform enormous number of changes in secure sensitive program.

As result decision is do not support such variation.

Please open gitlab issue if you encounter agent incompatibility related to updates.

Roumen Petrov

More information about the ssh_x509 mailing list