https://gitlab.com/secsh/pkixssh
http://tech.ciges.net/blog/openssh-with-x509-certificates-ho...
Right now I'd stick with something like Gravitational Teleport (overkill); Warpgate may become the perfect fit for this niche soon.
https://github.com/warp-tech/warpgate
It's also worth knowing about SSH clients that can use X.509 certificate keys as normal pre-shared keys with any SSH server, like PuttyCAC and the client built into macOS High Sierra and later.