On 07/12/23, Philip Prindeville (philipp_subx@xxxxxxxxxxxxxxxxxxxxx) wrote: > We have a CLI that certain users get dropped into when they log in. One of the things they can go is generate certificates (actually .p12 key/certificate bundles) that they will then scp out of the box from another host. Off topic, and assuming the .p12 bundles need to be post-processed by clients for use by ssh, might it not be worth considering an ssh certificate signing authority? I've made the proof-of-concept noted below, which adds certificates to forwarded agents. It doesn't need shell accounts, but prsently requires ssh public keys to be added to a yaml file: https://github.com/rorycl/sshagentca Cheers, Rory _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
