Re: SSH resources, specifically on certificates (certificate authentication)
On Wednesday, July 13, 2022 07:09:33 PM Jeremy Ardley wrote:
> I understand that certificate based SSH authentication has problems with
> overall security management on a network. Password only has similar
> problems.
I'm not sure it has any more problems than ssh public key authentication,
maybe even less, but that is part of what I'm trying to learn / determine.
> The correct solution seems to be a centrally managed authentication
> server but I haven't found any simple guide to implementing that in the
> Debian environment. Is there any useful tutorial available?
tomas makes one suggestion in a later post to this thread.
Another way that I think is along the lines you're talking about is referred
to as gssapi (iirc) (at least in some of the man pages), of which Kerberos is
one variety (iiuc) -- there are apparently other varieties.
I don't plan on digging into that. ;-)
--
rhk
If you reply: snip, snip, and snip again; leave attributions; avoid top
posting; and keep it "on list". (Oxford comma included at no charge.) If you
change topics, change the Subject: line.
A picture is worth a thousand words -- divide by 10 for each minute of video
(or audio) or create a transcript and edit it to 10% of the original.
Reply to: