OpenSSH key signing service?
jdvf at optonline.net
Tue Dec 26 03:09:46 AEDT 2017
> On Dec 25, 2017, at 9:52 AM, Stephen Harris <lists at spuddy.org> wrote:
>> (Blargh is right (https://blog.habets.se/2011/07/OpenSSH-certificates.html). Googling for this stuff is *hard*:)
> Does https://www.sweharris.org/post/2016-10-30-ssh-certs/ help at all?
Yes, I did see that in my wanderings. It’s a very nice summary of the nuts and bolts of things.
"We just need the workflows to do the signing :-)"
I’m interested in that bit, though!
I managed to get the basic stuff working on a couple of lab systems in a few minutes. I even
set AuthorizedKeysFile to /dev/null in sshd_config to strictly enforce using the signed key.
Now I need it to scale!
More information about the openssh-unix-dev