Re: OpenSSH key signing service?

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 




> On Dec 25, 2017, at 9:52 AM, Stephen Harris <lists@xxxxxxxxxx> wrote:
> 
>> (Blargh is right (https://blog.habets.se/2011/07/OpenSSH-certificates.html <https://blog.habets.se/2011/07/OpenSSH-certificates.html>). Googling for this stuff is *hard*:)
> 
> Does https://www.sweharris.org/post/2016-10-30-ssh-certs/  help at all?
> 
> 

Yes, I did see that in my wanderings. It’s a very nice summary of the nuts and bolts of things.

"We just need the workflows to do the signing :-)”

I’m interested in that bit, though!  

I managed to get the basic stuff working on a couple of lab systems in a few minutes.  I even 
set AuthorizedKeysFile to /dev/null in sshd_config to strictly enforce using the signed key. 

Now I need it to scale!

jd

Attachment: smime.p7s
Description: S/MIME cryptographic signature

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux