Mailinglist Archive: opensuse-factory (551 mails)

< Previous Next >
Re: [opensuse-factory] openssh + pki
  • From: Andrew Joakimsen <joakimsen@xxxxxxxxx>
  • Date: Tue, 17 May 2011 02:56:44 -0400
  • Message-id: <BANLkTikSOCxiB=cS51jKCsthP0hKjhHmSQ@mail.gmail.com>
As long as:

1) It isn't mandatory by default, and won't become.
2) It does not limit the ability as you can now to connect to any host
with a username and password

Then I agree. Otherwise I have enough certificate crap to deal with to
want this.

On Mon, May 16, 2011 at 16:28, Hans Witvliet <hwit@xxxxxxxxxxx> wrote:


Any vague chance of getting the patch of Roumen Petrov applied?
http://roumenpetrov.info/openssh/#features

With this patch, one can enjoy the security feautures supplied digital
certificates (crl, ocsp, ...), like the one's used by openssl, apache,
openvpn, strongswan etc etc.

pki support has been included for a long time in the commercial branch
of ssh, but (i think) due to the conservative nature of the people of
openbsd, who still seems to be in control of openssh, this patch never
made it into the mainstream code

Patch is around since 2006, and still kept up-to-date



--
Med Vennlig Hilsen,

A. Helge Joakimsen
--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-factory+help@xxxxxxxxxxxx

< Previous Next >
References