shared private key

Gert Doering gert at greenie.muc.de
Thu Apr 23 16:56:23 AEST 2015


Hi,

On Wed, Apr 22, 2015 at 02:51:02PM -0700, Reuben Hawkins wrote:
> Can a signed key from a common CA fit in this process somewhere?  I do
> want to avoid forcing a requirement onto our customers to get keys
> signed by us, or anybody else.

"common" = "common to the client and server", no external parties needed.

Recent OpenSSH versions can handle signed keys, so if your management 
system can generate keys for both client and server, and sign them, all 
the systems know that they all belong to the same management domain - and 
you could trust all keys signed with a given signature (if I understood 
that part right, didn't try it yet).

Might not fit your need, but worth consideration.

gert
-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             gert at greenie.muc.de
fax: +49-89-35655025                        gert at net.informatik.tu-muenchen.de
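
The signed-key setup discussed in the message above, as an added example that is not part of the original post or of OpenSSH's own code: a management system creates one CA, signs a host key and a user key with it, and writes the two trust anchors (a `@cert-authority` line for clients, a `TrustedUserCAKeys` file for sshd). The host name `host.example.test`, the principal `deploy`, the validity periods and all file names are constructed assumptions.

```shell
#!/bin/sh
# Added example. All names (ca, host.example.test, principal "deploy") are constructed.

# Create a CA for one management domain, then a host key and a user key signed by it.
make_domain() {
    dir=$1
    ssh-keygen -q -t ed25519 -N '' -C 'management CA' -f "$dir/ca"
    ssh-keygen -q -t ed25519 -N '' -C 'host key' -f "$dir/host_key"
    ssh-keygen -q -t ed25519 -N '' -C 'user key' -f "$dir/user_key"
    # -h makes a host certificate; -n lists the names it is valid for.
    ssh-keygen -q -s "$dir/ca" -h -I host.example.test -n host.example.test \
        -V +52w "$dir/host_key.pub"
    # Without -h the result is a user certificate; -n lists allowed login names.
    ssh-keygen -q -s "$dir/ca" -I deploy@mgmt -n deploy -V +1d "$dir/user_key.pub"
    # Client side: one known_hosts line trusts every host certificate from this CA.
    printf '@cert-authority *.example.test %s\n' "$(cat "$dir/ca.pub")" \
        > "$dir/known_hosts"
    # Server side: file to reference from sshd_config as
    #   TrustedUserCAKeys /path/to/trusted_user_ca
    #   HostCertificate   /path/to/host_key-cert.pub
    cp "$dir/ca.pub" "$dir/trusted_user_ca"
}

# "user" or "host", as recorded in the certificate.
cert_kind() { ssh-keygen -L -f "$1" | awk '/Type:/ {print $3; exit}'; }
# Fingerprint of the CA key recorded in the certificate.
cert_ca_fp() { ssh-keygen -L -f "$1" | awk '/Signing CA:/ {print $4; exit}'; }
# Fingerprint of a public key file.
key_fp() { ssh-keygen -l -f "$1" | awk '{print $2; exit}'; }
# True when the certificate names the given CA public key as its signer.
signed_by() { [ "$(cert_ca_fp "$1")" = "$(key_fp "$2")" ]; }

demo=$(mktemp -d)
make_domain "$demo"
for c in host_key-cert.pub user_key-cert.pub; do
    echo "$c: $(cert_kind "$demo/$c") certificate, CA $(cert_ca_fp "$demo/$c")"
done
rm -rf "$demo"
```

With this layout no per-host or per-user public keys are distributed; whoever holds the CA private key can mint credentials for the whole domain, so that key is the one to protect.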


More information about the openssh-unix-dev mailing list