Hi all, I'm trying to get x509 support for ssh. I have a pkcs patched ssh package. OpenSSH_5.3p1, OpenSSL 0.9.8l-fips 5 Nov 2009 . I'm going through http://www.roumenpetrov.info/openssh/x509-6.2.2/README.x509v3 But when I add following options to my sshd_config: # X.509 support AllowedCertPurpose sslclient CACertificateFile /etc/ssh/ca/ca-bundle.crt CACertificatePath /etc/ssh/ca/crt CARevocationFile /etc/ssh/ca/ca-bundle.crl CARevocationPath /etc/ssh/ca/crl X509KeyAlgorithm x509v3-sign-rsa,rsa-sha1 KeyAllowSelfIssued no I'm getting: Starting sshd:/etc/ssh/sshd_config: line 122: Bad configuration option: AllowedCertPurpose /etc/ssh/sshd_config: line 123: Bad configuration option: CACertificateFile /etc/ssh/sshd_config: line 124: Bad configuration option: CACertificatePath /etc/ssh/sshd_config: line 125: Bad configuration option: CARevocationFile /etc/ssh/sshd_config: line 126: Bad configuration option: CARevocationPath /etc/ssh/sshd_config: line 127: Bad configuration option: X509KeyAlgorithm /etc/ssh/sshd_config: line 128: Bad configuration option: KeyAllowSelfIssued /etc/ssh/sshd_config: terminating, 7 bad configuration options [FAILED] Can somebody help me with this. Thanks Shravan
