OpenSSH key signing service?

Stef Bon stefbon at
Wed Dec 27 06:09:25 AEDT 2017

2017-12-25 23:37 GMT+01:00 Peter Moody <mindrot at>:

I perfectly understand that central management of keys is a good
solution when handling many hosts and many users,
but I think it's a bit odd.

Please correct me if I'm wrong: the host receives keys from the
authority, and uses those to do the signature checking, or the creation of
a signature.
Keys are sent from the authority to the host.
But why not let the authority handle everything with the server to
connect to, so that the key material stays on the cert authority?


More information about the openssh-unix-dev mailing list