Hi everyone, we want to implement an SSH infrastructure that allows certain people (not directly related to the company) to access a piece of information that concerns them. A simple solution is to provide them with an encrypted private key so they can have "authorized_keys" access to their home in a jailed session. That's OK, it works fine, but we are analyzing the use of X.509 certs instead of distributing key pairs and, as far as I know, that is not natively supported by OpenSSH. I've only found Roumen Petrov's patch to provide X.509 support (http://roumenpetrov.info/openssh/).
Has anyone used it? How secure can it be?
After all, this is a problem for us because of the need to recompile OpenSSH while we have RedHat support through rpm updates.
Is there an alternative to that patch?
We refuse the idea of using FTP or HTTP directory authenticated access and we don't have the possibility of providing access through web services, at least not for a couple of months or maybe the whole of 2007.
The solution MUST be free/opensource.
Thanks in advance.
PS: by the way... has somebody tried jailkit?