Date: Wed, 8 Apr 2020 11:31:12 +0200 From: Per Hedeland <per@hedeland.org> To: David Mehler <dave.mehler@gmail.com> Cc: freebsd-questions@freebsd.org Subject: Re: difference in sshd protocol options Message-ID: <4b14011e-3e7e-fbb7-73cf-7dc3e1429906@hedeland.org> In-Reply-To: <CAPORhP4aHUWuQww9LkMT=9m3m9CGJnHx6gdqKFBwo=ACkcCO7g@mail.gmail.com> References: <CAPORhP4aHUWuQww9LkMT=9m3m9CGJnHx6gdqKFBwo=ACkcCO7g@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2020-04-08 07:59, David Mehler wrote: > Hello, > > I just went through an interesting go tonight getting an android file > manager to connect via sftp to my FreeBSD 12.1 sshd server. I've got > two questions. Refering to the sshd_config man page the > HostKeyAlgorithms option and the PubkeyAcceptedKeyTypes options is > there a difference between the options (both of which appear in the > default) ssh-rsa and ssh-rsa-cert-v01@openssh.com? Yes, see e.g. https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.certkeys - ssh-rsa uses just a "raw" key, while ssh-rsa-cert-v01@openssh.com uses a certificate (OpenSSH-specific design, a simpler variant than the common x.509 style), i.e. basically a key signed with some other trusted (CA) key. The certificate allows for specifiying CA keys instead of individual host and user keys in ~/.ssh/known_hosts ~/.ssh/authorized_keys, respectively. --Per Hedeland
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4b14011e-3e7e-fbb7-73cf-7dc3e1429906>