OpenSSH key signing service?

John Devitofranceschi jdvf at
Tue Dec 26 03:09:46 AEDT 2017

> On Dec 25, 2017, at 9:52 AM, Stephen Harris <lists at> wrote:
>> (Blargh is right ( <>). Googling for this stuff is *hard*:)
> Does  help at all?

Yes, I did see that in my wanderings. It’s a very nice summary of the nuts and bolts of things.

"We just need the workflows to do the signing :-)”

I’m interested in that bit, though!  

I managed to get the basic stuff working on a couple of lab systems in a few minutes.  I even 
set AuthorizedKeysFile to /dev/null in sshd_config to strictly enforce using the signed key. 

Now I need it to scale!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2393 bytes
Desc: not available
URL: <>

More information about the openssh-unix-dev mailing list