login about faq

I have a host with Tectia Server 6.0.12 set up for x509 certificate authentication. It's working well with the Tectia Client (6.4). (Weirdly, if I disable the keyboard-interactive auth method, it fails to log in. Bonus points if you can explain that one to me.)

In this configuration, is it possible to open an SSH session without Tectia Client?

OpenSSH's ssh man page indicates that it supports the use of x509 client certificates with the use of the "-i" option. If you specify "-i ./mykey", it looks for certificate information in ./mykey-cert.pub. Should that work? Or is the exchange behavior proprietary/custom? I've read that there are differences, but it's not clear to me whether those differences are strictly server-side.

This is just a stepping stone to my end goal, which is to connect with Java - ideally using the library we're already using for SSH against non-Tectia hosts - JSch. Is that feasible, or do I need to use the Tectia SDK? (Will the SDK support my using arbitrary per-session client certificates?)

Partial answers welcome.

asked Nov 25 '15 at 22:30

AdamAugusta's gravatar image

AdamAugusta
1223

edited Nov 25 '15 at 22:32

Be the first one to answer this question!
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or __italic__
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Tags:

×30
×10
×3
×2

Asked: Nov 25 '15 at 22:30

Seen: 4,356 times

Last updated: Nov 25 '15 at 22:32

All user contributed content licensed under the cc-by-sa license.
Powered by OSQA.