Displaying 3 results from an estimated 3 matches for "aaaab5w".
Did you mean:
aaaab
2023 Nov 10
1
@cert-authority for hostbased auth - sans shosts?
...needed, and can enclude hashed hostnames.
See:
https://en.wikibooks.org/wiki/OpenSSH/Cookbook/Certificate-based_Authentication#4._Updating_Clients_to_Acknowledge_the_Designated_Certificate_Authority
Another example (from the sshd man page)
cert-authority *.mydomain.org,*.mydomain.com ssh-rsa AAAAB5W...
Could that work for you?
Rory
2023 Nov 09
1
@cert-authority for hostbased auth - sans shosts?
Hi,
we're looking to reduce the number of host lists that
need to be kept in sync in our system. (There are quite a few of them
all over the place)
OpenSSH CAs are an obvious solution for not having to
keep all host keys in sync in /etc/ssh/known_hosts, however,
while OpenSSH does support using a CA in conjunction with hostbased
authentication,
it still requires a list of all authorized
2023 Nov 10
1
@cert-authority for hostbased auth - sans shosts?
...names.
>
> See:
> https://en.wikibooks.org/wiki/OpenSSH/Cookbook/Certificate-based_Authentication#4._Updating_Clients_to_Acknowledge_the_Designated_Certificate_Authority
>
> Another example (from the sshd man page)
>
> cert-authority *.mydomain.org,*.mydomain.com ssh-rsa AAAAB5W...
>
> Could that work for you?
AIUI what he is asking for is a file that combines the host identity
of the system-wide ssh_known_hosts file with the host/user authorisation
of shosts in a single file.
This might be a little cleaner, but IMO not so much so as to be highly
motivating (perso...