X.509 support in ssh (revisited)
Markus Friedl
markus at openbsd.org
Thu Jan 24 07:23:55 EST 2002
On Wed, Jan 23, 2002 at 01:52:54PM -0500, Ed Phillips wrote:
> somehow leverage LDAP+SSL in the ssh client to verify hostkeys instead of
you don't need LDAP for this, just a
TrustedCAs /etc/ssh/ca
in sshd_config
> relying on ~/.ssh/known_hosts in 30000+ user's insecure-NFS-mounted home
> directories (which got shot down in flames).
you don't want this in $HOME, use /etc/ssh_known_hosts instead.
More information about the openssh-unix-dev
mailing list