X.509 support in ssh (revisited)
Dan Kaminsky
dan at doxpara.com
Thu Jan 24 10:13:40 EST 2002
> Hmm. Of course it finally comes down to the CA. And I don't think it makes
> sense to add the large commercial CAs (actually, is there anybody left
> beyond Verisign anyway?) by default.
> But it would my life easier just being my own CA, signing for the hosts
> I have. By now I distribute my public keys with rdist (via SSH of course
:-),
> but this doesn't work with lots of our Linux-machines which are not
available
> all day long (switched off, booted into Windows) and is only nice with
> the 24x7 machines.
Throw an rsync into the rc.local of the linux partitions, then. If you
can't push 'em out, suck 'em in.
Mind sending me a quick doc describing your rdist conf?
--Dan
More information about the openssh-unix-dev
mailing list