Pragma Systems Technical Forum

x509 based server validation

https://forums.pragmasys.com/Topic67.aspx

By anonymous123 - 10/29/2010 6:11:22 AM

Hi Pragma Systems,

I just downloaded the latest revision (#993) of Pragma FortressSSH v5.0 Build 9 from your web site and saw that there was a new option for Host Key. Can you please describe how x509 certificate-based server validation works in the Pragma FortressSSH server?

Thank you.

By Technical Support Group (TSG) - 10/29/2010 6:23:13 AM

Hello Anonymous123,

Pragma FortressSSH Version 5.0 Build 9 Revision 993 supports four different host key based server validation / identification options and x509v3 is one of the supported options. For the SSH2 protocol, the options include: DSA host key, RSA host key and x509 certificates. For the SSH1 protocol, the only option supported is the SSH1 host key.

Validating the server is the first step in making an SSH connection. The x509 certificate validates that a server is what the server claims to be and not a ghost machine posing as the real server. The x509 certificates are obtained from a trusted source (Certificate Authority) that provides higher cryptographic validation. The x509 certificates require a fully qualified server name in order to make a connection to a server with x509 based validation support. Unlike public key authentication, a Known_host_file is not needed for x509 based identification / validation since the certificate contains account information.

Thank you,

Technical Support Group (TSG)
Pragma Systems, Inc.
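
As an added illustration (not part of the original thread and not Pragma's code), the two checks the answer describes, trust in the issuing Certificate Authority and a match on the fully qualified server name, can be reproduced with the openssl CLI. The CA names, the host name `ssh.example.test` and the file names are constructed for this demo; it exercises generic X.509 validation, not FortressSSH's own implementation.

```shell
#!/usr/bin/env bash
# Added example: CA trust + FQDN match, the two halves of X.509 host validation.
# Every name below (Example Test CA, ssh.example.test, file names) is constructed.

# make_pki FQDN
# Builds a throwaway CA, a host certificate issued to FQDN by that CA, and a
# second, unrelated CA. Prints the working directory on success.
make_pki() {
    local fqdn="$1" dir
    dir="$(mktemp -d)" || return 1
    (
        cd "$dir" || exit 1
        # Trusted CA (self-signed root)
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -keyout ca.key -out ca.pem -subj "/CN=Example Test CA" || exit 1
        # Host key pair and certificate request naming the server's FQDN
        openssl req -newkey rsa:2048 -nodes \
            -keyout host.key -out host.csr -subj "/CN=$fqdn" || exit 1
        # CA signs the host certificate
        openssl x509 -req -in host.csr -CA ca.pem -CAkey ca.key \
            -CAcreateserial -out host.pem -days 1 || exit 1
        # A CA the client does NOT associate with this host
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -keyout other.key -out other-ca.pem -subj "/CN=Unrelated Test CA" || exit 1
    ) >/dev/null 2>&1 || return 1
    printf '%s\n' "$dir"
}

# validate_host CA_FILE HOST_CERT NAME
# Returns 0 only when HOST_CERT chains to CA_FILE *and* was issued for NAME.
# No known_hosts entry is consulted: trust comes from the CA, identity from the name.
validate_host() {
    openssl verify -CAfile "$1" -verify_hostname "$3" "$2" >/dev/null 2>&1
}

# Stand-alone demo run (skipped when the file is sourced).
if [ "${BASH_SOURCE[0]:-$0}" = "$0" ] && [ "${1:-}" = "demo" ]; then
    d="$(make_pki ssh.example.test)" || exit 1
    for name in ssh.example.test ssh; do
        if validate_host "$d/ca.pem" "$d/host.pem" "$name"; then
            echo "accept: $name"
        else
            echo "reject: $name"
        fi
    done
    rm -rf "$d"
fi
```

Run it as `bash script.sh demo`; the short name `ssh` is rejected even though the certificate is genuine, which is why the client has to connect using the fully qualified name.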