Secure Shell
sshd_config options for x.509 support Aug 19 2010 03:49PM
Shravan Mishra (shravan mishra gmail com)
Hi all,

I'm trying to get x509 support for ssh.
I have a pkcs patched ssh package.

OpenSSH_5.3p1, OpenSSL 0.9.8l-fips 5 Nov 2009 .

I'm going through

But when I add the following options to my sshd_config:

# X.509 support
AllowedCertPurpose sslclient
CACertificateFile /etc/ssh/ca/ca-bundle.crt
CACertificatePath /etc/ssh/ca/crt
CARevocationFile /etc/ssh/ca/ca-bundle.crl
CARevocationPath /etc/ssh/ca/crl
X509KeyAlgorithm x509v3-sign-rsa,rsa-sha1
KeyAllowSelfIssued no

I'm getting:

Starting sshd:/etc/ssh/sshd_config: line 122: Bad configuration option: AllowedCertPurpose
/etc/ssh/sshd_config: line 123: Bad configuration option: CACertificateFile
/etc/ssh/sshd_config: line 124: Bad configuration option: CACertificatePath
/etc/ssh/sshd_config: line 125: Bad configuration option: CARevocationFile
/etc/ssh/sshd_config: line 126: Bad configuration option: CARevocationPath
/etc/ssh/sshd_config: line 127: Bad configuration option: X509KeyAlgorithm
/etc/ssh/sshd_config: line 128: Bad configuration option: KeyAllowSelfIssued
/etc/ssh/sshd_config: terminating, 7 bad configuration options

Can somebody help me with this?


