Mailing List Archive

Chain of trust
Hi,

Does OpenSSH support ssh certificate chain with trust anchored at the root cert? From what I have read and experimented, it does not look so. But looking for a confirmative answer from the experts.

Thanks
Manoj.

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
Re: Chain of trust [ In reply to ]
On 11/15/18 7:51 PM, Manoj Ampalam wrote:
> Does OpenSSH support ssh certificate chain with trust anchored at the
> root cert? From what I have read and experimented, it does not look
> so. But looking for a confirmative answer from the experts.
If you're asking about OpenSSH certs then look into:

https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.certkeys

It says:

"Chained" certificates, where the signature key type is a certificate
type itself are NOT supported.

Ciao, Michael.
Re: Chain of trust [ In reply to ]
Hello Manoj,

Manoj Ampalam wrote:
> Hi,
>
> Does OpenSSH support ssh certificate chain with trust anchored at the root cert? From what I have read and experimented, it does not look so. But looking for a confirmative answer from the experts.

Perhaps you would like to use this implementation
http://roumenpetrov.info/secsh/ - with support of industrial standards.

Let me know if you need addition information in respective forum.


> Thanks
> Manoj.

Regards,
Roumen Petrov

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev