Hello, OpenSSH-wizards. In our company, we have looked into SSH-HostKey-signing in order to realize automated access without the need to accept the server's hostkey, manually. I got it to work with the HostCertificate-directive inside the sshd_config. Now, I was wondering whether it is possible to have multiple signatures, so I can, for example, sign the hostkey once with a company-internal CA to prove to my colleagues that the server belongs to our company and to sign again with another CA that belongs to say a specific project so all the servers in this project can be sure to talk to another project server. Furthermore, I did not find out, how I would sign different hostkey- types. (Like RSA and ECDSA.) Is it possible to realize both? Thanks and best regards, Jan -- Mit freundlichen Grüßen Jan Bergner DevOps-Engineer | Corporate Information Management Arvato Supply Chain Solutions Gottlieb-Daimler-Str. 1 33428 Harsewinkel Deutschland Telefon: +49 (5241) 80 - 40354 jan.bergner@xxxxxxxxxx<mailto:michael.nagel@xxxxxxxxxxxxxx> <http://www.arvato-supply-chain.com>http://www.arvato-supply-chain.com Arvato Distribution GmbH | Sitz Harsewinkel | Amtsgericht Gütersloh HRB 2200 Geschäftsführer: Andreas Barth, Carsten Coesfeld, Frank Schirrmeister, Boris Scholz, Dr. Thorsten Winkelmann ________________________________ Diese E-Mail und eventuelle Anlagen können vertrauliche und/oder rechtlich geschützte Informationen enthalten. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese E-Mail. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser E-Mail sind nicht gestattet. _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
