[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: hostkey Management bei kleinen Organisationen mit mehren Maschinen
[Thread Prev] | [Thread Next]
- Subject: Re: hostkey Management bei kleinen Organisationen mit mehren Maschinen
- From: Christian Weisgerber <naddy@xxxxxxxxxxxx>
- Date: Thu, 20 Feb 2020 18:38:32 -0000 (UTC)
- To: uugrn@xxxxxxxxxxxxxxx
On 2020-02-20, Philipp Schafft <lion@xxxxxxxxxxxxxxx> wrote:
> Was wir nun gemacht haben um den ganzen Kuttelmuttel mit den Keys zu
> vermeiden ist folgendes:
Das ist auch eine Gelegenheit, einen Blick auf Zertifikate zu werfen.
Aus ssh-keygen(1):
CERTIFICATES
ssh-keygen supports signing of keys to produce certificates that may be
used for user or host authentication. Certificates consist of a public
key, some identity information, zero or more principal (user or host)
names and a set of options that are signed by a Certification Authority
(CA) key. Clients or servers may then trust only the CA key and verify
its signature on a certificate rather than trusting many user/host keys.
Note that OpenSSH certificates are a different, and much simpler, format
to the X.509 certificates used in ssl(8).
--
Christian "naddy" Weisgerber naddy@xxxxxxxxxxxx
--
UUGRN e.V. http://www.uugrn.org/
http://mailman.uugrn.org/mailman/listinfo/uugrn
Wiki: https://wiki.uugrn.org/UUGRN:Mailingliste
Archiv: http://lists.uugrn.org/