> On Dec 25, 2017, at 9:52 AM, Stephen Harris <lists@xxxxxxxxxx> wrote:
>
>> (Blargh is right (https://blog.habets.se/2011/07/OpenSSH-certificates.html). Googling for this stuff is *hard*:)
>
> Does https://www.sweharris.org/post/2016-10-30-ssh-certs/ help at all?
>

Yes, I did see that in my wanderings. It's a very nice summary of the nuts and bolts of things.

"We just need the workflows to do the signing :-)"

I'm interested in that bit, though!

I managed to get the basic stuff working on a couple of lab systems in a few minutes. I even set AuthorizedKeysFile to /dev/null in sshd_config to strictly enforce using the signed key. Now I need it to scale!

jd
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
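
Added example (not part of the original message and not OpenSSH project code): a small audit that checks whether an sshd_config enforces the certificate-only setup described above, with AuthorizedKeysFile pointed at /dev/null and a user CA trusted. The sample configs, the CA path and the function names are constructed for illustration.

```python
# Added example: check that an sshd_config enforces certificate-only user auth.
# Simplifications (assumptions): whitespace-separated "Keyword args" lines only,
# no Include expansion, and Match blocks are reported rather than evaluated.

CERT_ONLY = """\
# constructed sample config, not from a real host
TrustedUserCAKeys /etc/ssh/user_ca.pub
AuthorizedKeysFile /dev/null
"""
WITH_OVERRIDE = CERT_ONLY + """\
Match User backup
    AuthorizedKeysFile .ssh/authorized_keys
"""
KEY_SOURCES = ("trustedusercakeys", "authorizedkeysfile", "authorizedkeyscommand")

def parse_sshd_config(text):
    """Return (global settings, [(match condition, keyword, args)])."""
    settings, overrides, match = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        keyword, *args = line.split()
        keyword = keyword.lower()               # keywords are case-insensitive
        if keyword == "match":
            match = " ".join(args)
        elif match is not None:
            overrides.append((match, keyword, args))
        else:
            settings.setdefault(keyword, args)  # sshd keeps the first value seen
    return settings, overrides

def audit(text):
    """List the ways unsigned keys could still be accepted."""
    settings, overrides = parse_sshd_config(text)
    first = lambda k: (settings.get(k) or ["none"])[0]
    findings = []
    if first("trustedusercakeys").lower() == "none":
        findings.append("TrustedUserCAKeys not set: no user CA is trusted")
    files = settings.get("authorizedkeysfile")
    if files is None:
        findings.append("AuthorizedKeysFile not set: default ~/.ssh files apply")
    elif any(f != "/dev/null" and f.lower() != "none" for f in files):
        findings.append("AuthorizedKeysFile reads a real file: " + " ".join(files))
    if first("authorizedkeyscommand").lower() != "none":
        findings.append("AuthorizedKeysCommand can return unsigned keys")
    findings += [f"Match {m}: {k} {' '.join(a)}" for m, k, a in overrides
                 if k in KEY_SOURCES]
    return findings
```

An empty result from `audit()` means the global section trusts a user CA and reads no authorized_keys file; any Match block that changes a key source is listed so it can be reviewed by hand.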