Displaying 4 results from an estimated 4 matches for "aaaae2v".
2023 Nov 10
1
@cert-authority for hostbased auth - sans shosts?
....
I'm not familiar with the use of .rhosts/.shosts, but I don't think those are needed at all with a machine or per-user known_hosts file/files utilizing host certificates.
The known_hosts file can have patterns such as the following:
@cert-authority *.example.com ecdsa-sha2-nistp256 AAAAE2V...
Would accept the host certificate authority for *.example.com. The "Hostnames" field can be expanded as needed, and can enclude hashed hostnames.
See:
https://en.wikibooks.org/wiki/OpenSSH/Cookbook/Certificate-based_Authentication#4._Updating_Clients_to_Acknowledge_the_Designated_Cer...
2023 Nov 09
1
@cert-authority for hostbased auth - sans shosts?
Hi,
we're looking to reduce the number of host lists that
need to be kept in sync in our system. (There are quite a few of them
all over the place)
OpenSSH CAs are an obvious solution for not having to
keep all host keys in sync in /etc/ssh/known_hosts, however,
while OpenSSH does support using a CA in conjunction with hostbased
authentication,
it still requires a list of all authorized
2023 Nov 10
1
@cert-authority for hostbased auth - sans shosts?
...iar with the use of .rhosts/.shosts, but I don't think those are needed at all with a machine or per-user known_hosts file/files utilizing host certificates.
>
> The known_hosts file can have patterns such as the following:
>
> @cert-authority *.example.com ecdsa-sha2-nistp256 AAAAE2V...
>
> Would accept the host certificate authority for *.example.com. The "Hostnames" field can be expanded as needed, and can enclude hashed hostnames.
>
> See:
> https://en.wikibooks.org/wiki/OpenSSH/Cookbook/Certificate-based_Authentication#4._Updating_Clients_to_Ackno...
2020 Mar 24
2
[Feature Request] Add (and check against) IP to known_hosts even when domain is used to connect
Hello Bob and thank you for your reply,
first of all I hope that I'm answering in the right way since I had
enabled the daily digest and I'm not sure if it's the right way to use
Thunderbirds "Reply List" feature on this digest. If it's wrong this way
I apologize. I turned of the daily digest so my next messages should be
correct.
> Are you aware of HostKeyAlias?