search for: aaaae2v

.... I'm not familiar with the use of .rhosts/.shosts, but I don't think those are needed at all with a machine or per-user known_hosts file/files utilizing host certificates. The known_hosts file can have patterns such as the following: @cert-authority *.example.com ecdsa-sha2-nistp256 AAAAE2V... Would accept the host certificate authority for *.example.com. The "Hostnames" field can be expanded as needed, and can enclude hashed hostnames. See: https://en.wikibooks.org/wiki/OpenSSH/Cookbook/Certificate-based_Authentication#4._Updating_Clients_to_Acknowledge_the_Designated_Cer...

Hi, we're looking to reduce the number of host lists that need to be kept in sync in our system. (There are quite a few of them all over the place) OpenSSH CAs are an obvious solution for not having to keep all host keys in sync in /etc/ssh/known_hosts, however, while OpenSSH does support using a CA in conjunction with hostbased authentication, it still requires a list of all authorized

...iar with the use of .rhosts/.shosts, but I don't think those are needed at all with a machine or per-user known_hosts file/files utilizing host certificates. > > The known_hosts file can have patterns such as the following: > > @cert-authority *.example.com ecdsa-sha2-nistp256 AAAAE2V... > > Would accept the host certificate authority for *.example.com. The "Hostnames" field can be expanded as needed, and can enclude hashed hostnames. > > See: > https://en.wikibooks.org/wiki/OpenSSH/Cookbook/Certificate-based_Authentication#4._Updating_Clients_to_Ackno...

Hello Bob and thank you for your reply, first of all I hope that I'm answering in the right way since I had enabled the daily digest and I'm not sure if it's the right way to use Thunderbirds "Reply List" feature on this digest. If it's wrong this way I apologize. I turned of the daily digest so my next messages should be correct. > Are you aware of HostKeyAlias?