Re: add keys and certificate to forwarded agent on remote host

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On 9/20/18 9:41 PM, Rory Campbell-Lange wrote:
> The missing piece in the puzzle for our use case is extracting the user
> from the connection by pairing their connection key to one in a user
> database without having to create a local user for each remote ssh user
> on the authenticating server. I assume the usshca ssh server deals with
> this by allowing "username@usshca" connections for all known users?

Maybe I'm missing your point. But IMHO the prerequisite for using a
SSH-CA is a decent user management with secure user authentication to be
used for identity check *before* even issuing the user cert.

Personally I'm using my own LDAP user management which supports 2FA
(HOTP) also used for POSIX account/group data. But any other such user
management will do.

Ciao, Michael.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux