Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month at the Massachusetts Institute of Technology, in Building E51.

BLU Discuss list archive



[Discuss] sshd and key authority -- inspired by deadmanish



One of the problems with ssh is the "I have to connect to the machine to
copy my public key before I can connect with my key to the machine"
problem.

One of the cool, but little used, features of sshd is the
TrustedUserCAKeys setting.

This allows you to create a public/private centralized key authority (you
use openssl to create the authority), and you can use:

ssh-keygen -f ca.key -y > ca.sshd

This will create the sshd authority key (the ca.key and ca.pub were set up
by openssl). Put it in sshd_config as:

TrustedUserCAKeys   /path/ca.sshd

Now, create your key as you normally would.

ssh-keygen -f yourkeyname

Here's the fun part! Sign it:
ssh-keygen -s ca.pem -I "yourname" -n yourlogin -V +2d yourkeyname.pub

The above does two things:
(1) Creates a certificate public key that is signed with your central
authority.
(2) The -V command line option limits how long the key is valid.

This allows you to give someone a key that is valid for a certain number
of days.
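
Added example, not part of the original post: a Python sketch that reads the certificate written by the signing step and reports the -I key id, the -n principals and the -V validity window, so issued certificates can be audited against a maximum lifetime. It assumes an ed25519 user key and does not verify the CA signature (sshd does that); the function names and the constructed test certificate are hypothetical.

```python
import base64
import struct

KTYPE = b"ssh-ed25519-cert-v01@openssh.com"
FOREVER = 0xFFFFFFFFFFFFFFFF  # valid_before when the certificate never expires

def _string(buf, off):  # read one SSH wire string: uint32 length, then bytes
    (n,) = struct.unpack_from(">I", buf, off)
    return buf[off + 4:off + 4 + n], off + 4 + n

def _s(b):  # encode one SSH wire string
    return struct.pack(">I", len(b)) + b

def parse_user_cert(line):
    """Return key id, principals and validity window from a *-cert.pub line."""
    blob = base64.b64decode(line.split()[1])
    ktype, off = _string(blob, 0)
    if ktype != KTYPE:
        raise ValueError("this sketch only handles ed25519 certificates")
    _nonce, off = _string(blob, off)
    _pubkey, off = _string(blob, off)
    _serial, cert_type = struct.unpack_from(">QI", blob, off)
    key_id, off = _string(blob, off + 12)
    packed, off = _string(blob, off)
    principals, p = [], 0
    while p < len(packed):  # principals are strings packed inside one string
        name, p = _string(packed, p)
        principals.append(name.decode())
    valid_after, valid_before = struct.unpack_from(">QQ", blob, off)
    return {"key_id": key_id.decode(), "user_cert": cert_type == 1,
            "principals": principals, "valid_after": valid_after, "valid_before": valid_before}

def audit(cert, max_seconds):
    """List policy problems: missing expiry, overlong lifetime, no principal."""
    problems = []
    if cert["valid_before"] == FOREVER:
        problems.append("no expiry")
    elif cert["valid_before"] - cert["valid_after"] > max_seconds:
        problems.append("lifetime exceeds policy")
    if not cert["principals"]:
        problems.append("no principals listed")
    return problems

def constructed_cert(principals, after, before):
    """Build an unsigned, constructed certificate line to exercise the parser."""
    body = (_s(KTYPE) + _s(b"\0" * 32) + _s(b"\1" * 32) + struct.pack(">QI", 1, 1)
            + _s(b"yourname") + _s(b"".join(_s(p.encode()) for p in principals))
            + struct.pack(">QQ", after, before) + _s(b"") * 5)
    return KTYPE.decode() + " " + base64.b64encode(body).decode()
```

For a real certificate, pass the contents of yourkeyname-cert.pub to parse_user_cert and compare the result with the output of ssh-keygen -L -f yourkeyname-cert.pub.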





BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.
