Bug 1373

Summary: native support for X.509 v3 certificates
Product: Portable OpenSSH Reporter: Stephan Zehrer <mindrot>
Component: sshdAssignee: Assigned to nobody <unassigned-bugs>
Status: CLOSED WONTFIX    
Severity: enhancement CC: djm
Priority: P2    
Version: 4.7p1   
Hardware: Other   
OS: Other   

Description Stephan Zehrer 2007-10-05 18:03:50 AEST 
I just wondering why their is not support for X.509 certificates in the standard distribution of OpenSSH.
I found http://roumenpetrov.info/openssh/ but this is not part the standard Debian distribution.

Other idea is the integration with OpenSC but i don't have a smartcard on my vServer. A PAM module seems not available too.

Solution, getting direct X.509 support in OpenSSH?

Vote for it :)
Comment 1 Damien Miller 2008-06-18 14:03:52 AEST 
We do not plan to support X.509 certificates in OpenSSH. Doing so would add a significant amount of complexity and would drastically increase our attack surface.

We recommend users who have a strong need apply Roumen's patch (which was of good quality the last time I checked), but for the above reasons we won't be applying it to the version that we distribute it.
Comment 2 Damien Miller 2008-07-22 12:20:00 AEST 
Mass update RESOLVED->CLOSED after release of openssh-5.1