> What is nice about runtime certificate issuance is that certificates can
> be tuned for particular per-user, per-instance use cases, such as "root
> on all DC1 webservers".
>
> Unless I've misunderstood, verification of the user and the permissions
> they have for potentially many roles on many servers are quite different
> things.

Possibly the other question you need to be asking yourself is whether you're abusing SSH, trying to make it do another tool's job? e.g. sudo/doas for "root on a server", or Kerberos+LDAP or similar.

Apologies if I'm teaching granny to suck eggs here, or my understanding of SSH is all wrong. But surely SSH certificates were only ever intended to be for authentication, not for authorization?

Look at Amazon AWS for example. You can *authenticate* to their services using SSH, but the whole *authorization* logic is controlled through AWS IAM.

Surely, if anything, the AWS-style system is the one you should be looking to replicate? As that is obviously a methodology that has been proven to scale?

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev