Re: hostkey management in small organizations with several machines

From: Christian Weisgerber <>
Date: Thu, 20 Feb 2020 18:38:32 -0000 (UTC)
On 2020-02-20, Philipp Schafft <> wrote:

> What we have now done to avoid the whole muddle with the keys is
> the following:

This is also an opportunity to take a look at certificates.
From ssh-keygen(1):

     ssh-keygen supports signing of keys to produce certificates that may be
     used for user or host authentication.  Certificates consist of a public
     key, some identity information, zero or more principal (user or host)
     names and a set of options that are signed by a Certification Authority
     (CA) key.  Clients or servers may then trust only the CA key and verify
     its signature on a certificate rather than trusting many user/host keys.
     Note that OpenSSH certificates are a different, and much simpler, format
     to the X.509 certificates used in ssl(8).

Christian "naddy" Weisgerber                
Received on 20.02.2020
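
The host-certificate workflow that the quoted ssh-keygen(1) passage describes, as an added example that is not part of the original mail: one CA key signs each machine's host key, and clients trust only the CA. The domain `example.org`, the host name `web1` and all file names are constructed placeholders.

```shell
#!/bin/sh
# Added example: OpenSSH host certificates for a small fleet.
# DOMAIN and all host/file names are constructed placeholders.
DOMAIN="example.org"

# Create the CA key pair once, on an admin machine (not on the servers).
# A real CA key should get a passphrase; -N "" keeps the demo non-interactive.
make_ca() {   # $1 = directory that will hold host_ca and host_ca.pub
    ssh-keygen -q -t ed25519 -N "" -C "host-ca" -f "$1/host_ca"
}

# Sign one host's public key with the CA.
#   -h  host (not user) certificate
#   -I  key identity, recorded in the certificate and in logs
#   -n  principals: the names clients may use to reach this host
#   -V  validity window, so a certificate for a leaked key expires
# Writes <key>-cert.pub next to the public key.
sign_host() { # $1 = CA dir, $2 = host public key file, $3 = short host name
    ssh-keygen -q -s "$1/host_ca" -h -I "$3-hostkey" \
        -n "$3.$DOMAIN" -V +52w "$2"
}

# The single known_hosts line clients need instead of one line per host.
known_hosts_line() { # $1 = CA dir
    printf '@cert-authority *.%s %s\n' "$DOMAIN" "$(cat "$1/host_ca.pub")"
}

demo() {
    work=$(mktemp -d) || return 1
    make_ca "$work" || return 1
    # Stand-in for /etc/ssh/ssh_host_ed25519_key on a real machine.
    ssh-keygen -q -t ed25519 -N "" -f "$work/ssh_host_ed25519_key" || return 1
    sign_host "$work" "$work/ssh_host_ed25519_key.pub" "web1" || return 1
    # Inspect the certificate: type, key ID, principals, validity.
    ssh-keygen -L -f "$work/ssh_host_ed25519_key-cert.pub"
    known_hosts_line "$work"
    rm -rf "$work"
}

# On the server, sshd_config then points at the certificate:
#   HostCertificate /etc/ssh/ssh_host_ed25519_key-cert.pub
if [ "${1:-}" = "--demo" ]; then demo; fi
```
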

