search for: aaaab5w

Displaying 3 results from an estimated 3 matches for "aaaab5w".

Did you mean: aaaab
2023 Nov 10
1
@cert-authority for hostbased auth - sans shosts?
...needed, and can enclude hashed hostnames. See: https://en.wikibooks.org/wiki/OpenSSH/Cookbook/Certificate-based_Authentication#4._Updating_Clients_to_Acknowledge_the_Designated_Certificate_Authority Another example (from the sshd man page) cert-authority *.mydomain.org,*.mydomain.com ssh-rsa AAAAB5W... Could that work for you? Rory
2023 Nov 09
1
@cert-authority for hostbased auth - sans shosts?
Hi, we're looking to reduce the number of host lists that need to be kept in sync in our system. (There are quite a few of them all over the place) OpenSSH CAs are an obvious solution for not having to keep all host keys in sync in /etc/ssh/known_hosts, however, while OpenSSH does support using a CA in conjunction with hostbased authentication, it still requires a list of all authorized
2023 Nov 10
1
@cert-authority for hostbased auth - sans shosts?
...names. > > See: > https://en.wikibooks.org/wiki/OpenSSH/Cookbook/Certificate-based_Authentication#4._Updating_Clients_to_Acknowledge_the_Designated_Certificate_Authority > > Another example (from the sshd man page) > > cert-authority *.mydomain.org,*.mydomain.com ssh-rsa AAAAB5W... > > Could that work for you? AIUI what he is asking for is a file that combines the host identity of the system-wide ssh_known_hosts file with the host/user authorisation of shosts in a single file. This might be a little cleaner, but IMO not so much so as to be highly motivating (perso...