Help with CA Certificates for user authentication?

Iain Morgan imorgan at nas.nasa.gov
Sat Nov 5 08:07:27 EST 2011


Quite true, but that's not something that should be encouraged for
general user authentication. Of course, if sufficient restrictions are
placed on the cert, it may be a reasonable option.

On Fri, Nov 04, 2011 at 13:25:55 -0500, ?ngel Gonz?lez wrote:
> Iain Morgan wrote:
> > Using certificates does not bypass the need for a passphrase. For both
> > certificate and public-key authentication, the candidate key or
> > certificate is first presented to the server to see if it will be
> > accepted. If the server is willing to accept the key or cert, you then
> > move on to the stage where an actual signature is required.
> >
> > Note that just as with conventional public-key authentication, you can
> > use ssh-agent to avoid having to enter the passphrase every time.
> 
> I guess it should be equally possible to use a passwordless file...
> 
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

-- 
Iain Morgan


More information about the openssh-unix-dev mailing list