Re: hostkey Management bei kleinen Organisationen mit mehren Maschinen

From: Marc Haber <>
Date: Thu, 20 Feb 2020 19:46:01 +0100
On Thu, Feb 20, 2020 at 06:38:32PM -0000, Christian Weisgerber wrote:
> On 2020-02-20, Philipp Schafft <> wrote:
> > Was wir nun gemacht haben um den ganzen Kuttelmuttel mit den Keys zu
> > vermeiden ist folgendes:
> Das ist auch eine Gelegenheit, einen Blick auf Zertifikate zu werfen.
> Aus ssh-keygen(1):
>      ssh-keygen supports signing of keys to produce certificates that may be
>      used for user or host authentication.  Certificates consist of a public
>      key, some identity information, zero or more principal (user or host)
>      names and a set of options that are signed by a Certification Authority
>      (CA) key.  Clients or servers may then trust only the CA key and verify
>      its signature on a certificate rather than trusting many user/host keys.
>      Note that OpenSSH certificates are a different, and much simpler, format
>      to the X.509 certificates used in ssl(8).


Möchtest Du's machen?


Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Leimen, Germany    |  lose things."    Winona Ryder | Fon: *49 6224 1600402
Nordisch by Nature |  How to make an American Quilt | Fax: *49 6224 1600421
Received on 20.02.2020

This archive was generated by hypermail 2.3.0 : 20.02.2020 CET