> On Dec 26, 2017, at 2:09 PM, Stef Bon <stefbon@xxxxxxxxx> wrote:
>
> 2017-12-25 23:37 GMT+01:00 Peter Moody <mindrot@xxxxxxxx>:
>>>
>
> I perfectly understand that central management of keys is a good
> solution when handling many hosts and many users,
> but I think it's a bit odd.
>
> Please correct me if I'm wrong: the host receives keys from the
> authority, and uses those to do the signature checking, or the creation
> of a signature.
> Keys are sent from the authority to the host.
> But why not let the authority handle everything with the server to
> connect to, so the key material stays on the cert authority.
>

I do see your point and there are products out there that provide secure gateways like you describe. They include all kinds of other features like privilege escalation, timed access, session logging, etc.

I'm more interested in a web service that can sign a user's personal key (only the public key needs to be given then), provide short-lived ssh credentials to enable access to 'special' hosts (possibly with a different ca key), and be used in the host staging process to sign host keys.

The user may never even need to directly handle the short-lived credentials. The service would just download them into a well-known area and provide the user with a link to execute a local (to the user) ssh client with the key information included in the command line.

This would be a way to keep the signing keys secured while allowing a high degree of self-service. Kind of like how X.509 certificate authorities work.

jd
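As an added example (not code from this thread or from OpenSSH): the wire layout of the user certificate a signing service like the one described would emit from nothing but the user's public key, and a defender-side audit that the issued credential really is short-lived and scoped to named principals. The nonce, the signature bytes, the sample keys and the 8-hour lifetime ceiling are constructed assumptions; a real service signs the body with the CA private key, which never leaves it.

```python
import struct

USER_CERT = 1  # certificate type field: 1 = user, 2 = host

def _s(b: bytes) -> bytes:
    """Encode an SSH wire 'string': uint32 big-endian length, then the bytes."""
    return struct.pack(">I", len(b)) + b

def build_user_cert(user_pub: bytes, key_id: str, principals: list,
                    lifetime_s: int, ca_pub: bytes, now: int) -> bytes:
    """Lay out an ssh-ed25519-cert-v01@openssh.com user certificate. Only the
    user's public key goes in; the CA private key never leaves the service. The
    nonce and signature are constructed placeholders (a real service signs the
    body with the CA key, as ssh-keygen -s does)."""
    body = (_s(b"ssh-ed25519-cert-v01@openssh.com") + _s(b"\x00" * 32)   # type, nonce
            + _s(user_pub) + struct.pack(">QI", 1, USER_CERT)            # serial, type
            + _s(key_id.encode())
            + _s(b"".join(_s(p.encode()) for p in principals))
            + struct.pack(">QQ", now, now + lifetime_s)                  # valid after/before
            + _s(b"") + _s(b"") + _s(b"")                                # crit. opts, exts, reserved
            + _s(ca_pub))
    return body + _s(b"PLACEHOLDER-SIGNATURE")

class _Reader:
    """Minimal cursor over SSH wire-format fields."""
    def __init__(self, buf: bytes): self.buf, self.pos = buf, 0
    def u32(self): v, = struct.unpack_from(">I", self.buf, self.pos); self.pos += 4; return v
    def u64(self): v, = struct.unpack_from(">Q", self.buf, self.pos); self.pos += 8; return v
    def string(self): n = self.u32(); v = self.buf[self.pos:self.pos + n]; self.pos += n; return v

def parse_cert(cert: bytes) -> dict:
    """Decode the fields in wire order (see OpenSSH PROTOCOL.certkeys)."""
    r = _Reader(cert)
    c = {"alg": r.string(), "nonce": r.string(), "pub": r.string(),
         "serial": r.u64(), "cert_type": r.u32(), "key_id": r.string().decode()}
    p, c["principals"] = _Reader(r.string()), []
    while p.pos < len(p.buf):                    # packed list of strings; empty = any principal
        c["principals"].append(p.string().decode())
    c["valid_after"], c["valid_before"] = r.u64(), r.u64()
    c["critical_options"], c["extensions"], c["reserved"] = r.string(), r.string(), r.string()
    c["ca_pub"], c["signature"] = r.string(), r.string()
    return c

def policy_violations(c: dict, max_lifetime_s: int = 8 * 3600) -> list:
    """Audit an issued credential. The 8-hour ceiling is an assumed policy value."""
    v = []
    if c["cert_type"] != USER_CERT: v.append("not a user certificate")
    if not c["principals"]: v.append("no principals: valid for any account")
    if c["valid_before"] - c["valid_after"] > max_lifetime_s: v.append("lifetime exceeds policy")
    return v
```

The same audit applies to a real certificate once its base64 body is decoded, since the parser follows the OpenSSH field order; the placeholder signature is the only thing a real verifier would additionally check.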
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev