X.509 support in ssh (revisited)

Markus Friedl markus at openbsd.org
Thu Jan 24 07:23:55 EST 2002


On Wed, Jan 23, 2002 at 01:52:54PM -0500, Ed Phillips wrote:
> somehow leverage LDAP+SSL in the ssh client to verify hostkeys instead of

you don't need LDAP for this, just a
	TrustedCAs /etc/ssh/ca
in sshd_config

> relying on ~/.ssh/known_hosts in 30000+ users' insecure-NFS-mounted home
> directories (which got shot down in flames).

you don't want this in $HOME, use /etc/ssh_known_hosts instead.


