Comment by egberts1
3 months ago
For those that are exploring software-based public certificate and OpenSSH, I've broken down the settings for most PKI handlers.
https://egbert.net/blog/articles/openssh-file-authorized_key...
Thanks for sharing this! I think I may now have what I need to set up a system with multi-user shared keys that only work for a given set of users.
I do enjoy dual-PK-certificate authentication in my homelab: one by equipment, and one by user/group.
Only misgiving is that the key management issues have worsened only for the key administrator(s). But it is a viable and sustainable AA model because there is the most important security component: instant denial of a user and/or an equipment.
We must have knocked your site offline
Uptime remains uninterrupted.
Are you using the verboten Chrome and its inability to negotiate and defer to server absolute side of ChaCha20-Poly1305 with sha512? It refuses client-demanded Chrome-forced ChaCha/sha256, AES and then RSA.