PROTOCOL.certkeys (src/usr.bin/ssh)

version 1.14, 2018/04/10 00:10:49 | version 1.16, 2018/10/26 01:23:03 | ||
---|---|---|---|
|
|
||
acceptance of certified host keys, by adding a similar ability to | acceptance of certified host keys, by adding a similar ability to | ||
specify CA keys in ~/.ssh/known_hosts. | specify CA keys in ~/.ssh/known_hosts. | ||
All certificate types include certification information along with the | |||
public key that is used to sign challenges. In OpenSSH, ssh-keygen | |||
performs the CA signing operation. | |||
Certified keys are represented using new key types: | Certified keys are represented using new key types: | ||
ssh-rsa-cert-v01@openssh.com | ssh-rsa-cert-v01@openssh.com | ||
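Review bot: the relocated sentence in the new introductory paragraph still says the public key "is used to sign challenges", but challenges are signed with the corresponding private key and the public key only verifies them. Suggest rewording while the text is being moved, for example "the public key used to verify signed challenges", so the spec does not blur which half of the key pair is embedded in the certificate.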
|
|
||
ecdsa-sha2-nistp256-cert-v01@openssh.com | ecdsa-sha2-nistp256-cert-v01@openssh.com | ||
ecdsa-sha2-nistp384-cert-v01@openssh.com | ecdsa-sha2-nistp384-cert-v01@openssh.com | ||
ecdsa-sha2-nistp521-cert-v01@openssh.com | ecdsa-sha2-nistp521-cert-v01@openssh.com | ||
ssh-ed25519-cert-v01@openssh.com | |||
These include certification information along with the public key | Two additional types exist for RSA certificates to force use of | ||
that is used to sign challenges. ssh-keygen performs the CA signing | SHA-2 signatures (SHA-256 and SHA-512 respectively): | ||
operation. | |||
rsa-sha2-256-cert-v01@openssh.com | |||
rsa-sha2-512-cert-v01@openssh.com | |||
These RSA/SHA-2 types should not appear in keys at rest or transmitted | |||
on their wire, but do appear in a SSH_MSG_KEXINIT's host-key algorithms | |||
field or in the "public key algorithm name" field of a "publickey" | |||
SSH_USERAUTH_REQUEST to indicate that the signature will use the | |||
specified algorithm. | |||
Protocol extensions | Protocol extensions | ||
------------------- | ------------------- |
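Review bot: in the new paragraph following the rsa-sha2-256/512 cert type names, "transmitted on their wire" looks like a typo for "on the wire", and "a SSH_MSG_KEXINIT's" should read "an SSH_MSG_KEXINIT's". The same paragraph says these names "should not appear in keys at rest" but does not say what a receiver should do if one does appear in a key blob; consider stating the expected handling (for example, that such a key is to be rejected) and naming explicitly which type from the list above a stored RSA certificate carries, so implementers do not have to infer it.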