Add the ECDSA algorithms (remove any key sizes you do not wish to allow) to the list of `auth-publickey` `signature-algorithms` (within the `<authentication-methods>` element) in your `ssh-broker-config.xml`:
```xml
<auth-publickey signature-algorithms="ecdsa-sha2-nistp256,ecdsa-sha2-nistp384, \
                                      ecdsa-sha2-nistp521,ssh-dss,ssh-rsa,ssh-dss-sha256@ssh.com, \
                                      ssh-rsa-sha256@ssh.com,x509v3-sign-dss,x509v3-sign-rsa, \
                                      x509v3-sign-dss-sha256@ssh.com, x509v3-sign-rsa-sha256@ssh.com">
  <key-selection policy="automatic">
  </key-selection>
</auth-publickey>
```
Note: To enable ECDSA keys for X.509, add also the following to the
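As an added example (not from the Tectia documentation), the script below parses an `ssh-broker-config.xml` fragment, lists the configured `signature-algorithms`, inserts any missing ECDSA entries ahead of the existing ones, and reports which SHA-1 based algorithms (`ssh-dss`, `ssh-rsa`) are still enabled so an administrator can decide whether to keep them. The `<secsh-broker>` root element and the sample file contents are assumptions; only the `authentication-methods`/`auth-publickey` element and its attribute come from the snippet above.

```python
import xml.etree.ElementTree as ET

# Constructed ssh-broker-config.xml fragment (not a real Tectia file). The
# authentication-methods/auth-publickey element and its signature-algorithms
# attribute follow the snippet above; the <secsh-broker> root is assumed.
SAMPLE_CONFIG = """<secsh-broker>
  <authentication-methods>
    <auth-publickey signature-algorithms="ssh-dss,ssh-rsa,ssh-rsa-sha256@ssh.com">
      <key-selection policy="automatic"/>
    </auth-publickey>
  </authentication-methods>
</secsh-broker>"""

ECDSA_ALGS = ("ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521")
# Public-key algorithms whose signatures use SHA-1 (RFC 4253); review before keeping.
SHA1_ALGS = {"ssh-dss", "ssh-rsa"}


def _publickey_element(root):
    elem = root.find("authentication-methods/auth-publickey")
    if elem is None:
        raise ValueError("no auth-publickey under authentication-methods")
    return elem


def _split_list(raw):
    # Tolerate the whitespace and backslash wrapping used when the list is printed.
    return [a.strip() for a in raw.replace("\\", " ").split(",") if a.strip()]


def signature_algorithms(xml_text):
    """Return the configured signature algorithms as a clean list."""
    elem = _publickey_element(ET.fromstring(xml_text))
    return _split_list(elem.get("signature-algorithms", ""))


def ensure_ecdsa(xml_text, curves=ECDSA_ALGS):
    """Prepend any missing ECDSA algorithms (preferred first) and return the new XML."""
    root = ET.fromstring(xml_text)
    elem = _publickey_element(root)
    algs = _split_list(elem.get("signature-algorithms", ""))
    algs = [c for c in curves if c not in algs] + algs
    elem.set("signature-algorithms", ",".join(algs))
    return ET.tostring(root, encoding="unicode")


def sha1_algorithms(xml_text):
    """List the SHA-1 based algorithms still enabled, for review."""
    return sorted(a for a in signature_algorithms(xml_text) if a in SHA1_ALGS)
```

Running `ensure_ecdsa` on a real config file is idempotent, so it can be re-run safely after each edit.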
Create the ECDSA user key with `ssh-keygen-g3`. For more information on `ssh-keygen-g3`, refer to the Tectia Client User Manual.

Use `ssh-keygen-g3` with `-t` (type) `ecdsa`. Once generated, the resulting `.pub` file should be uploaded to the target server.
Note: Do this under the correct user account. The example below is using the root user.
```
[root@host ~]# ssh-keygen-g3 -t ecdsa
Generating 256 bits ECDSA key on nistp256 curve
Key generated.
256-bit ecdsa, root@host.example.com, Mon Aug 24 2015 09:57:24 -0400
Passphrase :
Again :
Key is stored with NULL passphrase...
...
Private key saved to /root/.ssh2/id_ecdsa_256_a
Public key saved to /root/.ssh2/id_ecdsa_256_a.pub
```