Public storage for public keys

Simon Wilkinson sxw at dcs.ed.ac.uk
Tue Jan 15 08:38:40 EST 2002


On Mon, 14 Jan 2002, Markus Friedl wrote:

> how can you trust ldap? or dns?

In the LDAP case, you use a connection method that securely authenticates
the server. The two obvious options here are Kerberos or TLS. Of course,
if you're using Kerberos you can just use GSSAPI key exchange, and you
don't need to distribute your public keys, but that's another can of worms.

I've got code that pushes both ssh v1 and v2 keys into LDAP and uses this
to maintain known hosts maps. I've been promising to package this up and
distribute it for ages - it's now nearing the top of my list.

Cheers,

Simon.
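The approach described above, as an added example that is not Simon's code or anything from the OpenSSH project: host-key records retrieved from a directory are turned into a known_hosts file, and every record is checked before it is written so that a corrupted or tampered entry fails loudly instead of silently landing in the map. The LDAP fetch itself is assumed to happen over an authenticated channel (TLS with server certificate verification, or SASL/GSSAPI, the two options Simon names) and is out of scope here; the records are constructed inline, with key material made up for this example, so the script runs offline. The function and record names are this example's own.

```python
"""Build an OpenSSH known_hosts file from directory-supplied host-key records.

Assumption (not shown): the records come from an LDAP server reached over an
authenticated connection (ldaps with CA verification, or GSSAPI). Without that,
the directory is just another untrusted network source and the map is worthless.
"""
import base64
import hashlib
import struct


def _ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire-format string (uint32 big-endian length + data)."""
    return struct.pack(">I", len(data)) + data


def make_ed25519_pubkey_line(raw32: bytes, comment: str = "") -> str:
    """Build an OpenSSH 'ssh-ed25519 <base64> [comment]' line from 32 raw bytes.

    Used only to construct sample records for this example; real host keys come
    from /etc/ssh/ssh_host_*_key.pub on each machine.
    """
    if len(raw32) != 32:
        raise ValueError("ed25519 public keys are 32 bytes")
    blob = _ssh_string(b"ssh-ed25519") + _ssh_string(raw32)
    line = "ssh-ed25519 " + base64.b64encode(blob).decode("ascii")
    return line + (" " + comment if comment else "")


def parse_pubkey_line(line: str):
    """Parse 'type base64 [comment]' and return (keytype, blob, comment).

    The key type appears twice: as the leading word and as the first SSH string
    inside the binary blob. A mismatch means the record was damaged or altered.
    """
    parts = line.strip().split(None, 2)
    if len(parts) < 2:
        raise ValueError("malformed public key line")
    keytype, b64 = parts[0], parts[1]
    comment = parts[2] if len(parts) == 3 else ""
    try:
        blob = base64.b64decode(b64, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("key is not valid base64") from exc
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (tlen,) = struct.unpack(">I", blob[:4])
    embedded = blob[4:4 + tlen]
    if len(embedded) != tlen or embedded != keytype.encode("ascii"):
        raise ValueError(f"declared type {keytype!r} does not match blob")
    return keytype, blob, comment


def fingerprint(blob: bytes) -> str:
    """OpenSSH-style SHA256 fingerprint: base64 of the digest without '=' padding."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def known_hosts_entry(hostnames, pubkey_line: str) -> str:
    """One known_hosts line: 'host1,host2,192.0.2.10 keytype base64'."""
    for host in hostnames:
        if not host or any(c.isspace() for c in host) or "," in host:
            raise ValueError(f"invalid host name {host!r}")
    keytype, blob, _comment = parse_pubkey_line(pubkey_line)
    return f"{','.join(hostnames)} {keytype} {base64.b64encode(blob).decode('ascii')}"


def build_known_hosts(records):
    """records: iterable of (hostname_list, pubkey_line).

    Returns (known_hosts_text, rejected) where rejected lists (hostnames, reason)
    for every record that failed validation. Rejections are returned rather than
    hidden so the operator sees which hosts will be missing from the map.
    """
    lines, rejected = [], []
    for hostnames, keyline in records:
        try:
            lines.append(known_hosts_entry(hostnames, keyline))
        except ValueError as exc:
            rejected.append((hostnames, str(exc)))
    return "\n".join(lines) + "\n", rejected


# Constructed sample records standing in for the result of a directory query.
# The 32-byte values are made up for this example and are not real host keys.
SAMPLE_RECORDS = [
    (["login.example.org", "192.0.2.10"],
     make_ed25519_pubkey_line(bytes(range(32)), "root@login")),
    (["build.example.org"], make_ed25519_pubkey_line(bytes(range(32, 64)))),
    # A damaged directory entry: the declared type disagrees with the blob.
    (["bad.example.org"],
     "ssh-rsa " + make_ed25519_pubkey_line(bytes(32)).split()[1]),
]

if __name__ == "__main__":
    text, rejected = build_known_hosts(SAMPLE_RECORDS)
    print(text, end="")
    for hosts, reason in rejected:
        print(f"REJECTED {','.join(hosts)}: {reason}")
```

The per-record type check is the part worth keeping: OpenSSH tolerates a known_hosts line whose blob does not match its declared type by ignoring it, which surfaces to the user as an "unknown host" prompt for a machine that is supposedly in the map. Rejecting such records at build time, and listing them, turns a silent gap into something the operator can act on.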




More information about the openssh-unix-dev mailing list