11-03-2015
Quote:
Originally Posted by
MichaelFelt
If I recall correctly, the *.2500 openssl packaging was FIPS certified- so these were not even standard 0.9.8 openssl copies.
nope. there is a special FIPS-certified version based on 0.9.8 and it has numbers like 12.9.8.x
10 More Discussions You Might Find Interesting
1. Shell Programming and Scripting
Hello friends,
I wanna to make new script which work as i defined below
(1) it connect (using ssh) to remote server
(2) remote server having passphrase key with password
(3) Generate new passphrase on local machine with random 8 character password.
(4) It will atomatically uploaded to... (4 Replies)
Discussion started by: jagnikam
4 Replies
2. AIX
While trying to upgrade ssh from v4.7 to v5.0 on AIX 5.3 TL9, I end up with the following error.
Has anyone come across this?
Note: openssl has been upgraded to 0.9.8.840 before this upgrade
Bala (0 Replies)
Discussion started by: balaji_prk
0 Replies
3. Shell Programming and Scripting
Hi,
I have two Unix servers A and B. I have a script in server A. I want to connect to server B from A using ssh only and without giving passwords everytime i connect. I went through other posts regarding this and I generated a public key in server A and copied that in server B. Now when I... (3 Replies)
Discussion started by: mick_000
3 Replies
4. UNIX for Dummies Questions & Answers
Hi,
please guide me create a public/private key using ssh-keygen, lets say I have been access to server named pngpcdb1with a userid and password ...!!! and also please explain in detail the concept of these keys and ssh as I was planning to use them in ftp related scripts..! Thanks in... (1 Reply)
Discussion started by: rahul125
1 Replies
5. UNIX for Dummies Questions & Answers
Hi,
I am new to unix, recently i was exploring password less remote connection to the ftp server and in that I was exploring the ssh-keygen utility, that it generates private & public keys that helps in transmitting files in encrypted format.Could you please explain me in detail about the... (1 Reply)
Discussion started by: rahul125
1 Replies
6. UNIX for Dummies Questions & Answers
Hi,
I was going thruough the password less authentication of keygen-ssh that will help us in generating keys...One thing that is not clear to me that if in nearby future we conncet to remote ftp server in that case now we need to only provide the user id itself that is password would not be... (1 Reply)
Discussion started by: rahul125
1 Replies
7. UNIX for Dummies Questions & Answers
Hi,
I using ssh-keygen for passwordless authenciation firstly
and I am following these steps mentioned below...
1) Login to pngpcdb1 using your user/pass
2) type 'bash' (without quotes)
3) ssh-keygen #generates private and public key.
4) copy this private key to the location of your sftp... (1 Reply)
Discussion started by: karan2597
1 Replies
8. Shell Programming and Scripting
sftp username@host <<EOF
lcd /home/dirA
cd /home/dirB
mput *.txt
exit
EOF
Hi,
i have done the keygen-ssh settings but rite now I log through putty I enter my credentials and then when i successfully log in, then I issue the command ssh server name then I again enter into the server but... (1 Reply)
Discussion started by: rahulsxn660
1 Replies
9. Shell Programming and Scripting
I need to automate a file transfer thru SFTP. But I cannot do a passwordless key with ssh-keygen between the servers. Is there any other way like we do something like below in FTP???
ftp -n hostIP << EOF
user userid password
get filename
EOF
Please use code tags! (5 Replies)
Discussion started by: Vidhyaprakash
5 Replies
10. UNIX for Beginners Questions & Answers
For some reason, when I try copying my public key to the server, despite it showing as being successful:
rob@linux044:~$ ssh-copy-id -i /home/rob/Work/Keys/keys.txt.pub !@#$%.com
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/rob/Work/Keys/keys.txt.pub"... (7 Replies)
Discussion started by: Circuits
7 Replies
SPKAC(1SSL) OpenSSL SPKAC(1SSL)
NAME
spkac - SPKAC printing and generating utility
SYNOPSIS
openssl spkac [-in filename] [-out filename] [-key keyfile] [-passin arg] [-challenge string] [-pubkey] [-spkac spkacname] [-spksect
section] [-noout] [-verify] [-engine id]
DESCRIPTION
The spkac command processes Netscape signed public key and challenge (SPKAC) files. It can print out their contents, verify the signature
and produce its own SPKACs from a supplied private key.
COMMAND OPTIONS
-in filename
This specifies the input filename to read from or standard input if this option is not specified. Ignored if the -key option is used.
-out filename
specifies the output filename to write to or standard output by default.
-key keyfile
create an SPKAC file using the private key in keyfile. The -in, -noout, -spksect and -verify options are ignored if present.
-passin password
the input file password source. For more information about the format of arg see the PASS PHRASE ARGUMENTS section in openssl(1).
-challenge string
specifies the challenge string if an SPKAC is being created.
-spkac spkacname
allows an alternative name form the variable containing the SPKAC. The default is "SPKAC". This option affects both generated and input
SPKAC files.
-spksect section
allows an alternative name form the section containing the SPKAC. The default is the default section.
-noout
don't output the text version of the SPKAC (not used if an SPKAC is being created).
-pubkey
output the public key of an SPKAC (not used if an SPKAC is being created).
-verify
verifies the digital signature on the supplied SPKAC.
-engine id
specifying an engine (by its unique id string) will cause spkac to attempt to obtain a functional reference to the specified engine,
thus initialising it if needed. The engine will then be set as the default for all available algorithms.
EXAMPLES
Print out the contents of an SPKAC:
openssl spkac -in spkac.cnf
Verify the signature of an SPKAC:
openssl spkac -in spkac.cnf -noout -verify
Create an SPKAC using the challenge string "hello":
openssl spkac -key key.pem -challenge hello -out spkac.cnf
Example of an SPKAC, (long lines split up for clarity):
SPKAC=MIG5MGUwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA1cCoq2Wa3Ixs47uI7F
PVwHVIPDx5yso105Y6zpozam135a8R0CpoRvkkigIyXfcCjiVi5oWk+6FfPaD03u
PFoQIDAQABFgVoZWxsbzANBgkqhkiG9w0BAQQFAANBAFpQtY/FojdwkJh1bEIYuc
2EeM2KHTWPEepWYeawvHD0gQ3DngSC75YCWnnDdq+NQ3F+X4deMx9AaEglZtULwV
4=
NOTES
A created SPKAC with suitable DN components appended can be fed into the ca utility.
SPKACs are typically generated by Netscape when a form is submitted containing the KEYGEN tag as part of the certificate enrollment
process.
The challenge string permits a primitive form of proof of possession of private key. By checking the SPKAC signature and a random challenge
string some guarantee is given that the user knows the private key corresponding to the public key being certified. This is important in
some applications. Without this it is possible for a previous SPKAC to be used in a "replay attack".
SEE ALSO
ca(1)
1.0.1e 2013-02-11 SPKAC(1SSL)