Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
zokier
on Sept 14, 2013
|
parent
|
context
|
favorite
| on:
Securing a Linux Server
Better way to reduce the need for copying keys around would be setting up a private CA, and signing the individual keys with it. Of course you need to keep the CA key secure, I'd strongly suggest removable media or preferably a real HSM.
nl
on Sept 14, 2013
[–]
Can you explain how this would work?
How do I use a private CA to generate(?) keys for ssh authentication?
zokier
on Sept 14, 2013
|
parent
[–]
https://blog.habets.se/2011/07/OpenSSH-certificates
hopefully explains how to set up CA for SSH
sgs1370
on Sept 15, 2013
|
root
|
parent
[–]
Thanks for this tip, I can't believe I missed the announcement about this feature of SSH, but this is gold.
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search: