Multiple Signatures on SSH-Hostkeys

[Bergner, Jan, A-SCM-CIM-SD]

Hello, OpenSSH-wizards.


In our company, we have looked into SSH-HostKey-signing in order to

realize automated access without the need to accept the server's

hostkey, manually.


I got it to work with the HostCertificate-directive inside the

sshd_config.


Now, I was wondering whether it is possible to have multiple

signatures, so I can, for example, sign the hostkey once with a

company-internal CA to prove to my colleagues that the server belongs

to our company and to sign again with another CA that belongs to say a

specific project so all the servers in this project can be sure to talk

to another project server.

Furthermore, I did not find out, how I would sign different hostkey-

types. (Like RSA and ECDSA.)


Is it possible to realize both?



Thanks and best regards,

Jan




--

Mit freundlichen Grüßen



Jan Bergner
DevOps-Engineer | Corporate Information Management
Arvato Supply Chain Solutions



Gottlieb-Daimler-Str. 1
33428 Harsewinkel
Deutschland



Telefon:

+49 (5241) 80 - 40354



jan.bergner at arvato.com<mailto:michael.nagel at bertelsmann.de>

<http://www.arvato-supply-chain.com>http://www.arvato-supply-chain.com

Arvato Distribution GmbH | Sitz Harsewinkel | Amtsgericht Gütersloh HRB 2200
Geschäftsführer: Andreas Barth, Carsten Coesfeld, Frank Schirrmeister, Boris Scholz, Dr. Thorsten Winkelmann

________________________________

Diese E-Mail und eventuelle Anlagen können vertrauliche und/oder rechtlich geschützte Informationen enthalten. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese E-Mail. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser E-Mail sind nicht gestattet.