OpenSSH key signing service?
stefbon at gmail.com
Wed Dec 27 06:09:25 AEDT 2017
2017-12-25 23:37 GMT+01:00 Peter Moody <mindrot at hda3.com>:
I perfectly understand that central management of keys is when
handling much hosts and many users is a good solution,
but I think it's a bit odd.
Please correct me if I'm wrong, the host receives from the authority
keys, and uses those to do the signature checking, or the creation of
Keys are send from the authority to the host.
But why don't let the authority handle everything with the server to
connect to, keymaterial stays on the cert authority.
More information about the openssh-unix-dev