Re: shared private key


 



Hi,

On Wed, Apr 22, 2015 at 02:51:02PM -0700, Reuben Hawkins wrote:
> Can a signed key from a common CA fit in this process somewhere?  I do
> want to avoid forcing a requirement onto our customers to get keys
> signed by us, or anybody else.

"common" = "common to the client and server", no external parties needed.

Recent OpenSSH versions can handle signed keys, so if your management 
system can generate keys for both client and server, and sign them, all 
the systems know that they all belong to the same management domain - and 
you could trust all keys signed with a given signature (if I understood 
that part right, didn't try it yet).

Might not fit your need, but worth consideration.

gert
-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             gert@xxxxxxxxxxxxxx
fax: +49-89-35655025                        gert@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
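
The signed-key setup described in the message above, sketched as an added example (not part of the original post, and not code from OpenSSH or the poster): one CA key pair signs a host key and a user key, and each side then trusts the CA instead of individual keys. The directory layout, the `example.internal` names, the `mgmt` principal and the `/etc/ssh` paths are assumptions.

```shell
#!/bin/sh
# Added example: one private CA for a management domain signs both
# host keys and user keys. All names and paths here are assumptions.

# build_domain DIR: create the CA, one host key and one user key,
# sign both, and write the trust settings for client and server.
build_domain() {
    d=$1
    mkdir -p "$d" || return 1
    # 1. CA key pair. The private half stays on the management system.
    ssh-keygen -q -t ed25519 -N '' -C domain-ca -f "$d/domain_ca" || return 1
    # 2. Ordinary key pairs for one server and one client.
    ssh-keygen -q -t ed25519 -N '' -C host -f "$d/ssh_host_ed25519_key" || return 1
    ssh-keygen -q -t ed25519 -N '' -C user -f "$d/id_ed25519" || return 1
    # 3. Host certificate: -h marks it as a host cert, -n restricts the
    #    host names it is valid for, -V bounds its lifetime.
    ssh-keygen -q -s "$d/domain_ca" -I host:node1 -h \
        -n node1.example.internal -V +52w \
        "$d/ssh_host_ed25519_key.pub" || return 1
    # 4. User certificate: -n lists the login names (principals) allowed.
    ssh-keygen -q -s "$d/domain_ca" -I user:mgmt \
        -n mgmt -V +52w "$d/id_ed25519.pub" || return 1
    # 5. Client side: accept any host in the domain whose certificate
    #    was signed by this CA (one known_hosts line, not one per host).
    printf '@cert-authority *.example.internal %s\n' \
        "$(cat "$d/domain_ca.pub")" > "$d/known_hosts"
    # 6. Server side: present the host cert, accept CA-signed user certs.
    cat > "$d/sshd_config.snippet" <<EOF
HostKey /etc/ssh/ssh_host_ed25519_key
HostCertificate /etc/ssh/ssh_host_ed25519_key-cert.pub
TrustedUserCAKeys /etc/ssh/domain_ca.pub
EOF
}

# cert_kind FILE: print "host" or "user" for an OpenSSH certificate.
cert_kind() {
    ssh-keygen -L -f "$1" | awk '$1 == "Type:" { print $3 }'
}
```

Call `build_domain` with an empty scratch directory; `ssh-keygen -L -f` on either `-cert.pub` file shows the principals and validity window the CA bound into it.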



