Nick Stoughton

My feedback

  1. 41 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    15 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →

    Hello,

    The latest iOS version beta has certificates support. Though it’s still work in progress.

    Click Contact Us to let us know if you are interested and we’ll provide you with the access to beta.

    In the next months we are going to add the certificates support on all platforms. No exact ETA at the moment, we are just working on it now.

    Thanks

    Nick Stoughton commented  · 

    I tried a couple of different ways to do this, neither worked.

    First I tried generating the key with termius, then copy-paste exporting the pubkey, signing it and copying back the id_rsa-cert.pub.

    Then I generated a whole new key on my Mac, and exported the key.ppk, key.pub and key-cert.pub via iTunes. I imported the key into termius, but it does not try to use the certificate, but just the unsigned key.

    Running sshd with +-d" on the server, I see:
    Server listening on 0.0.0.0 port 22.
    debug1: Bind to port 22 on ::.
    Server listening on :: port 22.
    debug1: Server will not fork when running in debugging mode.
    debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
    debug1: inetd sockets after dupping: 3, 3
    Connection from 172.28.106.115 port 61478 on 172.28.106.28 port 22
    debug1: Client protocol version 2.0; client software version libssh2_1.7.0
    debug1: no match: libssh2_1.7.0
    debug1: Local version string SSH-2.0-OpenSSH_7.4
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: permanently_set_uid: 1002/1003 [preauth]
    debug1: ssh_sandbox_child: prctl(PR_SET_SECCOMP): Invalid argument [preauth]
    debug1: list_hostkey_types: ssh-rsa,rsa-sha2-512,rsa-sha2-256 [preauth]
    debug1: SSH2_MSG_KEXINIT sent [preauth]
    debug1: SSH2_MSG_KEXINIT received [preauth]
    debug1: kex: algorithm: diffie-hellman-group-exchange-sha256 [preauth]
    debug1: kex: host key algorithm: ssh-rsa [preauth]
    debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha2-256 compression: none [preauth]
    debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha2-256 compression: none [preauth]
    debug1: expecting SSH2_MSG_KEX_DH_GEX_REQUEST [preauth]
    debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received [preauth]
    debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent [preauth]
    debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT [preauth]
    debug1: rekey after 4294967296 blocks [preauth]
    debug1: SSH2_MSG_NEWKEYS sent [preauth]
    debug1: expecting SSH2_MSG_NEWKEYS [preauth]
    debug1: SSH2_MSG_NEWKEYS received [preauth]
    debug1: rekey after 4294967296 blocks [preauth]
    debug1: KEX done [preauth]
    debug1: userauth-request for user root service ssh-connection method publickey [preauth]
    debug1: attempt 0 failures 0 [preauth]
    debug1: userauth_pubkey: test whether pkalg/pkblob are acceptable for RSA SHA256:G521akhvfkr9s63tXZhBLy9TnNrb3VFKENeqghJYvhc [preauth]
    debug1: temporarily_use_uid: 0/0 (e=0/0)
    debug1: trying public key file /etc/ssh/authorized_keys
    debug1: fd 4 clearing O_NONBLOCK
    debug1: restore_uid: 0/0
    Failed publickey for root from 172.28.106.115 port 61478 ssh2: RSA SHA256:G521akhvfkr9s63tXZhBLy9TnNrb3VFKENeqghJYvhc
    debug1: userauth-request for user root service ssh-connection method keyboard-interactive [preauth]
    debug1: attempt 1 failures 1 [preauth]
    debug1: keyboard-interactive devs [preauth]
    debug1: auth2_challenge: user=root devs= [preauth]
    debug1: kbdint_alloc: devices '' [preauth]
    Received disconnect from 172.28.106.115 port 61478:11: Normal Shutdown [preauth]
    Disconnected from 172.28.106.115 port 61478 [preauth]
    debug1: do_cleanup [preauth]
    debug1: monitor_read_log: child log fd closed
    debug1: do_cleanup
    debug1: Killing privsep child 8191

Feedback and Knowledge Base