openssh keys in ldap

jeff mcelroy jmcelroy at dtgnet.com
Thu Jul 19 00:11:02 EST 2001


Pekka Savola wrote:

> On Wed, 18 Jul 2001, Jakob Schlyter wrote:
> > On Mon, 16 Jul 2001, jeff mcelroy wrote:
> >
> > > Is there any work going into placing keys in a central directory such as
> > > LDAP ?
> >
> > I see a problem with finding out what ldap server that has the key for
> > host.example.com? and then communicate securely and fast enough with that
> > server.
> >
> > I would rather consider the dnssec support to be the preferred key
> > distribution mechanism in the future.
>
> I think the original meant placing keys of all servers _within
> organization_ to a central _internal_ directory.
>
> This is what I thought of it at any rate.
>
> For "global" secure key access, dnssec is the way to go (if you want to
> put them in a database at any rate, and can prove the transaction).
>
> --
> Pekka Savola                 "Tell me of difficulties surmounted,
> Netcore Oy                   not those you stumble over and fall"
> Systems. Networks. Security.  -- Robert Jordan: A Crown of Swords

    We have openssh deployed across our organization and have to add/remove
entries into the known_hosts / authorized_keys files often.  I am looking for a
way to centrally manage these keys.

Jeff McElroy
jmcelroy at dtgnet.com



More information about the openssh-unix-dev mailing list