2017-12-25 23:37 GMT+01:00 Peter Moody <mindrot@xxxxxxxx>:

>> I perfectly understand that central management of keys when handling many hosts and many users is a good solution, but I think it's a bit odd. Please correct me if I'm wrong: the host receives keys from the authority, and uses those to do the signature checking, or the creation of a signature. Keys are sent from the authority to the host. But why not let the authority handle everything with the server to connect to? Key material stays on the cert authority.

Stef