Displaying 3 results from an estimated 3 matches for "based_authentication".
2023 Nov 10
@cert-authority for hostbased auth - sans shosts?
...following:
@cert-authority *.example.com ecdsa-sha2-nistp256 AAAAE2V...
Would accept the host certificate authority for *.example.com. The "Hostnames" field can be expanded as needed, and can include hashed hostnames.
See:
https://en.wikibooks.org/wiki/OpenSSH/Cookbook/Certificate-based_Authentication#4._Updating_Clients_to_Acknowledge_the_Designated_Certificate_Authority
Another example (from the sshd man page)
cert-authority *.mydomain.org,*.mydomain.com ssh-rsa AAAAB5W...
Could that work for you?
Rory
2023 Nov 09
@cert-authority for hostbased auth - sans shosts?
Hi,
we're looking to reduce the number of host lists that need to be kept in sync in our system. (There are quite a few of them all over the place)
OpenSSH CAs are an obvious solution for not having to keep all host keys in sync in /etc/ssh/known_hosts, however, while OpenSSH does support using a CA in conjunction with hostbased authentication, it still requires a list of all authorized
2023 Nov 10
@cert-authority for hostbased auth - sans shosts?
...thority *.example.com ecdsa-sha2-nistp256 AAAAE2V...
>
> Would accept the host certificate authority for *.example.com. The "Hostnames" field can be expanded as needed, and can include hashed hostnames.
>
> See:
> https://en.wikibooks.org/wiki/OpenSSH/Cookbook/Certificate-based_Authentication#4._Updating_Clients_to_Acknowledge_the_Designated_Certificate_Authority
>
> Another example (from the sshd man page)
>
> cert-authority *.mydomain.org,*.mydomain.com ssh-rsa AAAAB5W...
>
> Could that work for you?
AIUI what he is asking for is a file that combines the host...