I have a host with Tectia Server 6.0.12 set up for x509 certificate authentication. It's working well with the Tectia Client (6.4). (Weirdly, if I disable the keyboard-interactive auth method, it fails to log in. Bonus points if you can explain that one to me.)
In this configuration, is it possible to open an SSH session without Tectia Client?
OpenSSH's ssh man page indicates that it supports the use of x509 client certificates with the use of the "-i" option. If you specify "-i ./mykey", it looks for certificate information in ./mykey-cert.pub. Should that work? Or is the exchange behavior proprietary/custom? I've read that there are differences, but it's not clear to me whether those differences are strictly server-side.
This is just a stepping stone to my end goal, which is to connect with Java - ideally using the library we're already using for SSH against non-Tectia hosts - JSch. Is that feasible, or do I need to use the Tectia SDK? (Will the SDK support my using arbitrary per-session client certificates?)
Partial answers welcome.