Re: hostkey Management bei kleinen Organisationen mit mehren Maschinen

From: Marc Haber <mh+uugrn_at_zugschlus.de>
Date: Thu, 20 Feb 2020 19:46:01 +0100
On Thu, Feb 20, 2020 at 06:38:32PM -0000, Christian Weisgerber wrote:
> On 2020-02-20, Philipp Schafft <lion_at_lion.leolix.org> wrote:
> 
> > Was wir nun gemacht haben um den ganzen Kuttelmuttel mit den Keys zu
> > vermeiden ist folgendes:
> 
> Das ist auch eine Gelegenheit, einen Blick auf Zertifikate zu werfen.
> Aus ssh-keygen(1):
> 
> CERTIFICATES
>      ssh-keygen supports signing of keys to produce certificates that may be
>      used for user or host authentication.  Certificates consist of a public
>      key, some identity information, zero or more principal (user or host)
>      names and a set of options that are signed by a Certification Authority
>      (CA) key.  Clients or servers may then trust only the CA key and verify
>      its signature on a certificate rather than trusting many user/host keys.
>      Note that OpenSSH certificates are a different, and much simpler, format
>      to the X.509 certificates used in ssl(8).

Gerne.

Möchtest Du's machen?

Grüße
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Leimen, Germany    |  lose things."    Winona Ryder | Fon: *49 6224 1600402
Nordisch by Nature |  How to make an American Quilt | Fax: *49 6224 1600421
-- 
UUGRN e.V. http://www.uugrn.org/
http://mailman.uugrn.org/mailman/listinfo/uugrn
Wiki: https://wiki.uugrn.org/UUGRN:Mailingliste
Archiv: http://lists.uugrn.org/
Received on 20.02.2020

This archive was generated by hypermail 2.3.0 : 20.02.2020 CET