SEO
vBulletin Search Engine Optimization
| |||||||
| Register | FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
02-18-2008, 09:00 AM
| ||||
| ||||
 Re: OpenSSH Certkey (PKI) Wolfgang S. Rupprecht wrote: > Daniel Lang <dl@leo.org> writes: > >>Are you, by any chance, mixing up "known_hosts" and "authorized_keys"? > > > Oops. I quoted the wrong section. I had meant to quote the section > about the user_certificates. This is what I meant to cite: > > +A user certificate is an authorization made by the CA that the > +holder of a specific private key may login to the server as a > +specific user, without the need of an authorized_keys file being > +present. The CA gains the power to grant individual users access > +to the server, and users do no longer need to maintain > +authorized_keys files of their own. > > I don't see a problem with the host certificates methodology. (In > fact I'd love to see the known_hosts files fade away as more hosts > transition to using host certificates.) Host certificate verification is separate from user authentication/authorization through certificates. You you can use one without using and enabling the other. -- Andre      |
Linear Mode
