shared private key
Gert Doering
gert at greenie.muc.de
Thu Apr 23 16:56:23 AEST 2015
Hi,

On Wed, Apr 22, 2015 at 02:51:02PM -0700, Reuben Hawkins wrote:
> Can a signed key from a common CA fit in this process somewhere? I do
> want to avoid forcing a requirement onto our customers to get keys
> signed by us, or anybody else.

"common" = "common to the client and server", no external parties needed.

Recent OpenSSH versions can handle signed keys, so if your management
system can generate keys for both client and server, and sign them, all
the systems know that they all belong to the same management domain - and
you could trust all keys signed with a given signature (if I understood
that part right, didn't try it yet).

Might not fit your need, but worth consideration.

gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert at greenie.muc.de
fax: +49-89-35655025 gert at net.informatik.tu-muenchen.de
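
The setup described in the message above, sketched with ssh-keygen as an added example that is not part of the original post: a CA key owned by the management system signs one host key and one user key, and each side then trusts the CA rather than individual keys. The function names, file names, key IDs, principals and the example.test domain are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. File names, key IDs, principals and the example.test
# domain are constructed; only ssh-keygen options that exist are used.

# make_domain DIR: create a CA plus one signed host key and one signed user key.
make_domain() {
    dir=$1
    mkdir -p "$dir" || return 1
    # CA key pair held by the management system.
    ssh-keygen -q -t ed25519 -N '' -C mgmt-ca -f "$dir/ca" || return 1
    # Ordinary key pairs for one server and one client.
    ssh-keygen -q -t ed25519 -N '' -f "$dir/host_key" || return 1
    ssh-keygen -q -t ed25519 -N '' -f "$dir/user_key" || return 1
    # -h marks a host certificate; -n restricts principals; -V bounds validity.
    ssh-keygen -q -s "$dir/ca" -h -I host:server1 -n server1.example.test \
        -V +52w "$dir/host_key.pub" || return 1
    ssh-keygen -q -s "$dir/ca" -I user:backup -n backup \
        -V +1d "$dir/user_key.pub" || return 1
    # Server-side trust anchor: point sshd_config TrustedUserCAKeys at this file.
    cp "$dir/ca.pub" "$dir/trusted_user_ca_keys" || return 1
    # Client-side trust anchor: a @cert-authority line for known_hosts.
    printf '@cert-authority *.example.test %s\n' "$(cat "$dir/ca.pub")" \
        > "$dir/known_hosts"
}

# cert_signed_by CERT CA_PUB: succeed only if CERT names CA_PUB as its signer.
cert_signed_by() {
    ca_fp=$(ssh-keygen -l -f "$2" | awk '{print $2}') || return 1
    [ -n "$ca_fp" ] || return 1
    ssh-keygen -L -f "$1" | grep 'Signing CA:' | grep -qF -- "$ca_fp"
}

# Usage: make_domain /tmp/sshca && \
#        cert_signed_by /tmp/sshca/user_key-cert.pub /tmp/sshca/ca.pub
```

The server presents host_key-cert.pub through the HostCertificate directive in sshd_config; the short -V lifetime on the user certificate limits how long a copied key stays useful.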