On Thu, 4 May 2017, Edgar Zaiser wrote:

> Hello,
>
> I was wondering if there's any reason why openssh is not supporting server
> authentication using "x509v3-rsa2048-sha256" which is defined in RFC6187?
>
> Since it is recommended by the official document in Germany, namely
> "BSI-TR-02102-4", maybe it's worth going for it?

Hi,

We consider X.509 too complex a format to support. It dramatically
multiplies attack surface, especially in the crucial pre-authentication
phase of the protocol.

There are third-party patches to add X.509 to OpenSSH:
http://roumenpetrov.info/secsh/

Alternately, OpenSSH supports a much simpler certificate format that
achieves much the same result. There are a few guides and quite a few
third-party tools to manage these (e.g. CAs).

Cheers,
Damien Miller

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
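The "much simpler certificate format" the reply points to is OpenSSH's own host/user certificate scheme, driven entirely by ssh-keygen. The script below is an added, self-contained illustration (not code from the thread or from the OpenSSH project) of the server-authentication case the question asked about: it mints a throwaway host CA, signs a host key with it, and prints the known_hosts line that makes clients trust every host certificate that CA issues. It assumes ssh-keygen is on PATH; the CA comment, hostnames (demo.example.com, demo) and validity window are constructed for the demo.

```shell
#!/bin/sh
# Constructed demo: stand up a throwaway SSH host CA, sign a host key with it,
# and emit the known_hosts line clients need to trust that CA for a domain.
# Everything lives in a temp directory; nothing touches /etc/ssh.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# CA key (in practice kept offline or in an HSM) and the server's host key.
make_keys() {
    ssh-keygen -q -t ed25519 -N '' -C 'demo-host-ca' -f "$WORK/host_ca"
    ssh-keygen -q -t ed25519 -N '' -C 'demo-host' -f "$WORK/ssh_host_ed25519_key"
}

# Sign the host key: -h marks it as a host certificate, -n pins the principals
# (hostnames) it is valid for, -V bounds its validity window, -I is the key id
# that shows up in sshd logs. Output lands in ssh_host_ed25519_key-cert.pub,
# which the server advertises via "HostCertificate" in sshd_config.
sign_host_key() {
    ssh-keygen -q -s "$WORK/host_ca" -I 'demo-host cert' -h \
        -n 'demo.example.com,demo' -V '-5m:+52w' \
        "$WORK/ssh_host_ed25519_key.pub"
    [ -f "$WORK/ssh_host_ed25519_key-cert.pub" ]
}

# Client-side trust anchor: one @cert-authority line covers every host whose
# certificate chains to this CA and whose principal matches the pattern,
# replacing per-host fingerprint prompts and per-host known_hosts churn.
known_hosts_line() {
    printf '@cert-authority *.example.com,demo %s\n' \
        "$(cut -d' ' -f1,2 "$WORK/host_ca.pub")"
}

# Inspect the certificate and confirm it is what we asked for before deploying.
cert_summary() {
    ssh-keygen -L -f "$WORK/ssh_host_ed25519_key-cert.pub"
}

cert_is_host_cert() {
    cert_summary | grep -q 'Type: .* host certificate'
}

cert_has_principal() {
    cert_summary | grep -q "$1"
}

make_keys
sign_host_key
known_hosts_line
cert_summary
```

Unlike an X.509 chain, the certificate carries no extensions beyond principals, validity and a handful of options, which is the reduced pre-authentication parsing surface the reply is referring to.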