Does confd inbuilt ssh support certificate authentication?

Confduser · June 21, 2023, 4:44pm

Hi,

Openssh has different ways of authentication like password, key based authentication , certificate based authentication, etc.

Does confd inbuilt ssh has support for certificate based authentication as like Openssh?

Thanks

cohult · June 21, 2023, 7:43pm

Hi,
ConfD’s built-in SSH server does not support certificates. You can integrate ConfD with, for example, OpenSSH and enable OpenSSH certificates, or with Roumen Petrov’s PKIX-SSH to enable standardized X.509 certificates.

Confduser · June 22, 2023, 12:47pm

Thanks for the info.
Is there document which describes the way to integrate confd ssh with Openssh?

Confduser · June 23, 2023, 10:07am

@cohult
Is there document which describes the way to integrate confd ssh with Openssh?
Thanks in advance

cohult · June 24, 2023, 9:29pm

OpenSSH for NETCONF sessions: See the ConfD User Guide chapter NETCONF Server section Using OpenSSH.

OpenSSH for CLI sessions: See the confd_cli(1) man page. You can, for example, add something like the below to your OpenSSH sshd_config file:

Match User admin
    ForceCommand $CONFD_DIR/bin/confd_cli -C

See also the OpenSSH ssh_config(5) man page for details.