On 1/10/2019 10:55 AM, Corey Minyard wrote:
> It is unusual, perhaps, but I'm trying to implement something like ssh does. I can't expect users of ser2net to obtain certificates from a real certificate authority, that's too high a barrier for entry. I want them to be able to generate a key pair, put the public key on the server in their account, and authenticate against that.

Nobody said you needed a real certificate authority. You need a *trusted* certificate authority. You could put the user's self-signed certificate into their account as a trusted CA.

However... it seems like you're reinventing ssh. Your replacement for ssh will likely require a custom client, which will be a pain in the neck for your users. Maybe you should start with an existing ssh library and hack it until it behaves the way you need.

--
Jordan Brown, Oracle ZFS Storage Appliance, Oracle Solaris
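
Added example, not part of the original message and not ser2net code: the per-account trust anchor suggested above, shown with the `openssl` command line. The directory layout, file names and function names are assumptions made for the illustration.

```shell
#!/bin/sh
# Constructed demo. Paths, file names and function names are hypothetical.

# make_selfsigned KEY_OUT CERT_OUT COMMON_NAME
# Generates a key pair and a self-signed certificate, no external CA involved.
make_selfsigned() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$3" -keyout "$1" -out "$2" 2>/dev/null
}

# cert_trusted_for ACCOUNT_DIR PRESENTED_CERT
# Succeeds only if the presented certificate verifies against the single
# trust anchor stored in that account.
cert_trusted_for() {
    openssl verify -CAfile "$1/trusted.pem" "$2" >/dev/null 2>&1
}

demo() {
    dir=$(mktemp -d) || return 1
    mkdir "$dir/alice"
    make_selfsigned "$dir/alice.key" "$dir/alice.pem" alice || return 1
    # Same subject name, different key pair: must not be accepted.
    make_selfsigned "$dir/other.key" "$dir/other.pem" alice || return 1
    # "Registering" the user: copy her certificate into the account.
    cp "$dir/alice.pem" "$dir/alice/trusted.pem"

    for c in alice other; do
        if cert_trusted_for "$dir/alice" "$dir/$c.pem"; then
            echo "$c.pem: accepted"
        else
            echo "$c.pem: rejected"
        fi
    done
    rm -rf "$dir"
}

demo
```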