Re: hostkey Management bei kleinen Organisationen mit mehren Maschinen

From: Christian Weisgerber <naddy_at_mips.inka.de>
Date: Thu, 20 Feb 2020 18:38:32 -0000 (UTC)
On 2020-02-20, Philipp Schafft <lion_at_lion.leolix.org> wrote:

> Was wir nun gemacht haben um den ganzen Kuttelmuttel mit den Keys zu
> vermeiden ist folgendes:

Das ist auch eine Gelegenheit, einen Blick auf Zertifikate zu werfen.
Aus ssh-keygen(1):

CERTIFICATES
     ssh-keygen supports signing of keys to produce certificates that may be
     used for user or host authentication.  Certificates consist of a public
     key, some identity information, zero or more principal (user or host)
     names and a set of options that are signed by a Certification Authority
     (CA) key.  Clients or servers may then trust only the CA key and verify
     its signature on a certificate rather than trusting many user/host keys.
     Note that OpenSSH certificates are a different, and much simpler, format
     to the X.509 certificates used in ssl(8).

-- 
Christian "naddy" Weisgerber                          naddy_at_mips.inka.de
-- 
UUGRN e.V. http://www.uugrn.org/
http://mailman.uugrn.org/mailman/listinfo/uugrn
Wiki: https://wiki.uugrn.org/UUGRN:Mailingliste
Archiv: http://lists.uugrn.org/
Received on 20.02.2020

This archive was generated by hypermail 2.3.0 : 20.02.2020 CET