Hi,
On Wed, Apr 22, 2015 at 02:51:02PM -0700, Reuben Hawkins wrote:
> Can a signed key from a common CA fit in this process somewhere? I do
> want to avoid forcing a requirement onto our customers to get keys
> signed by us, or anybody else.
"common" = "common to the client and server", no external parties needed.
Recent OpenSSH versions can handle signed keys, so if your management
system can generate keys for both client and server, and sign them, all
the systems know that they all belong to the same management domain - and
you could trust all keys signed with a given signature (if I understood
that part right, didn't try it yet).
Might not fit your need, but worth consideration.
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert@xxxxxxxxxxxxxx
fax: +49-89-35655025 gert@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
