OpenSSH key signing service?
John Devitofranceschi
jdvf at optonline.net
Tue Dec 26 03:09:46 AEDT 2017
> On Dec 25, 2017, at 9:52 AM, Stephen Harris <lists at spuddy.org> wrote:
>
>> (Blargh is right (https://blog.habets.se/2011/07/OpenSSH-certificates.html). Googling for this stuff is *hard*:)
>
> Does https://www.sweharris.org/post/2016-10-30-ssh-certs/ help at all?
>
>
Yes, I did see that in my wanderings. It’s a very nice summary of the nuts and bolts of things.
"We just need the workflows to do the signing :-)"
I’m interested in that bit, though!
I managed to get the basic stuff working on a couple of lab systems in a few minutes. I even
set AuthorizedKeysFile to /dev/null in sshd_config to strictly enforce using the signed key.
Now I need it to scale!
jd