undefined | Better HN

0 pointsbayindirh1y ago0 comments

I'd love to see the central repository to be breached and tons of computers get new users instantly.

I mean, the idea is nice. There's an alternative implementation being used already in some parts of the world, but their own OIDC provider of their choice.

Decentralization is the key here.

I can neither confirm nor deny the pun is intended.

0 comments

3 comments · 2 top-level

notTooFarGone1y ago· 1 in thread

If you lose your root CA certificate you sure are done for too.

Is it better than passwords? 100% - is it perfect? It does not have to be for a lot of use cases.

bayindirhOP1y ago

Or you can use a local installation with even less risk.

See: https://github.com/EOSC-synergy/ssh-oidc

It's not hard to install, and works as advertised, plus it can talk with any OIDC provider your choice, incl. yours.

theamk1y ago

the central directory in this case is google.com (or github.com, or whatever your OIDC provider is)

If it gets breached, there will be significantly more problems than unauthorized ssh login.

(and this is a beauty of this compared to something like sshca: there is only one party that you need to trust, and you can choose a party that's unlikely to be breached)

1 more reply

j / k navigate · click thread line to collapse