Re: prompt to update a host key

On 17/03/19, Jochen Bern (Jochen.Bern@xxxxxxxxx) wrote:
> On 03/16/2019 07:34 PM, Rory Campbell-Lange wrote:
> >>> On Fri, Mar 15, 2019 at 09:10:26AM +0000, Jochen Bern wrote:
> >>> And that's when you look at using certificate based host keys.
> [...]
> > Is there an issue with using certificate based host keys, as Jochen
> > suggests
> 
> (FWIW, that actually was Stephen Harris <lists@xxxxxxxxxx>, as in, the
> *other* guy you Cc:ed. I'm afraid that my employer could not, so far, be
> interested in using SSH certificates, in spite of clear use cases, so my
> experience with them is pretty much nil. :-/ )

Sorry about the quoting mistake.

If you do look at certificates in future, there are a couple of cool
projects on GitHub for using a certificate authority for the client
authorisation part.

Although I haven't tried it, ssh-cert-authority looks quite good:
https://github.com/cloudtools/ssh-cert-authority

Uber's pam-ussh is another possibility, but I haven't tried that either.

Perhaps a certificate authority can become part of the OpenSSH suite in
future too?

Rory

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev


